[regexp] Fix yet another invalid use related to range arrays

`Equals` did not properly account for arrays with odd lengths.

Bug: v8:11069
Change-Id: I3264ebef248adcecd59b902bf1521cfddbd5a69d
Fixed: chromium:1267674
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264218
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77756}
This commit is contained in:
Jakob Gruber 2021-11-08 09:35:29 +01:00 committed by V8 LUCI CQ
parent 3a858a91fa
commit c9d23462a5
2 changed files with 11 additions and 4 deletions

View File

@ -130,13 +130,13 @@ int RangeArrayLengthFor(const ZoneList<CharacterRange>* ranges) {
} }
bool Equals(const ZoneList<CharacterRange>* lhs, const Handle<ByteArray>& rhs) { bool Equals(const ZoneList<CharacterRange>* lhs, const Handle<ByteArray>& rhs) {
if (rhs->length() != RangeArrayLengthFor(lhs) * kUInt16Size) return false; DCHECK_EQ(rhs->length() % kUInt16Size, 0); // uc16 elements.
const int rhs_length = rhs->length() / kUInt16Size;
if (rhs_length != RangeArrayLengthFor(lhs)) return false;
for (int i = 0; i < lhs->length(); i++) { for (int i = 0; i < lhs->length(); i++) {
const CharacterRange& r = lhs->at(i); const CharacterRange& r = lhs->at(i);
if (rhs->get_uint16(i * 2 + 0) != r.from()) return false; if (rhs->get_uint16(i * 2 + 0) != r.from()) return false;
if (i == lhs->length() - 1 && r.to() == kMaxUInt16) { if (i * 2 + 1 == rhs_length) break;
break; // Avoid overflow by leaving the last range open-ended.
}
if (rhs->get_uint16(i * 2 + 1) != r.to() + 1) return false; if (rhs->get_uint16(i * 2 + 1) != r.to() + 1) return false;
} }
return true; return true;

View File

@ -0,0 +1,7 @@
// Copyright 2021 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// Flags: --no-regexp-tier-up
assertNull(/[PxdsuJ\W]+\x00/imsy.exec());