[regexp] Abort on compilation overflow if flag passed

Abort execution on stack overflow during compilation if --abort-on-stack-or-string-length-overflow was passed (for correctness fuzzer support). Bug: chromium:778962 Change-Id: Idd50b47c4ddc03b7839ce850da95502fce4cc848 Reviewed-on: https://chromium-review.googlesource.com/750842 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#49079}
2017-11-02 10:41:06 +01:00 · 2017-11-02 10:41:06 +01:00 · 759cfaa2ba
commit 759cfaa2ba
parent fd1fa35721
1 changed files with 4 additions and 0 deletions
--- a/src/regexp/jsregexp.cc
+++ b/src/regexp/jsregexp.cc
@ -330,6 +330,10 @@ bool RegExpImpl::CompileIrregexp(Handle<JSRegExp> re,
                            sample_subject, is_one_byte);
  if (result.error_message != nullptr) {
    // Unable to compile regexp.
+    if (FLAG_abort_on_stack_or_string_length_overflow &&
+        strncmp(result.error_message, "Stack overflow", 15) == 0) {
+      FATAL("Aborting on stack overflow");
+    }
    Handle<String> error_message = isolate->factory()->NewStringFromUtf8(
        CStrVector(result.error_message)).ToHandleChecked();
    ThrowRegExpException(re, error_message);