RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 13:57:35 +00:00
Code Issues Activity Actions

LibRegex: Don't add the Repeat instruction size to its jump target

Browse source 
This was causing the calculated jump target to become invalid, leading
to possibly invalid optimisations and (more likely) crashes.
Fixes #21047.
This commit is contained in:
Ali Mohammad Pur 2023-09-14 05:43:29 +03:30 committed by Ali Mohammad Pur
parent 9220c68408
commit 4d71f4edc4
2 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Userland/Libraries/LibRegex/RegexOptimizer.cpp
View file

@ -907,7 +907,7 @@ void Optimizer::append_alternation(ByteCode& target, Span<ByteCode> alternatives
has_any_backwards_jump |= static_cast<OpCode_ForkReplaceStay const&>(opcode).offset() < 0;
break;
case OpCodeId::Repeat:
incoming_jump_edges.ensure(static_cast<OpCode_Repeat const&>(opcode).offset() + state.instruction_position).append({ opcode_bytes });
incoming_jump_edges.ensure(state.instruction_position - static_cast<OpCode_Repeat const&>(opcode).offset()).append({ opcode_bytes });
has_any_backwards_jump = true;
break;
default:
@ -1139,7 +1139,7 @@ void Optimizer::append_alternation(ByteCode& target, Span<ByteCode> alternatives
jump_offset = static_cast<OpCode_ForkReplaceStay const&>(opcode).offset();
break;
case OpCodeId::Repeat:
jump_offset = static_cast<ssize_t>(0) - static_cast<ssize_t>(static_cast<OpCode_Repeat const&>(opcode).offset());
jump_offset = static_cast<ssize_t>(0) - static_cast<ssize_t>(static_cast<OpCode_Repeat const&>(opcode).offset()) - static_cast<ssize_t>(opcode.size());
break;
default:
is_jump = false;