Closed Bug 843006 Opened 11 years ago Closed 6 years ago

Incorrect implementation of string.replace() with characters "$01" to "$09"

Categories

(Tamarin Graveyard :: Library, defect)

Product:
Tamarin Graveyard
Component:
Library
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: memmie, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:19.0) Gecko/20100101 Firefox/19.0
Build ID: 20130212082553

Steps to reproduce:

"firstCapture".replace(/(firstCapture)/g, "$01");



Actual results:

It's return "firstCapture1"


Expected results:

It's return "firstCapture"

The bug come from RegExpObject.cpp http://hg.mozilla.org/tamarin-central/file/fbecf6c8a86f/core/RegExpObject.cpp#l550 :
ptr += (i >= 10) ? 3 : 2;
when "i" is less than 10, then it shift 2 chars, but it's could also 3: "$1" <=> "$01"
Tamarin is a dead project now. Mass WONTFIX.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
Tamarin isn't maintained anymore. WONTFIX remaining bugs.
You need to log in before you can comment on or make changes to this bug.