v8/regress-707187.js at 8d921ca7f39d03f7bffc4a8fc100f9bada742c42 - v8 - Gitea: Git with a cup of tea

AuroraMiddleware/v8

jgruber 686c37839c [regexp] Revert to ZoneList usage in @@replace

Fixes a crash found by clusterfuzz caused by a call to
std::vector::reserve with a huge capacity, and reverts to ZoneList
handling as a tentative fix for performance regressions on the slow
@@replace path.

BUG=chromium:707187,chromium:706748,v8:5437

Review-Url: https://codereview.chromium.org/2787343002
Cr-Commit-Position: refs/heads/master@{#44311}

2017-03-31 14:38:36 +00:00

13 lines

294 B

JavaScript

Raw Blame History

 // Copyright 2017 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 let i = 0;
 let re = /./g;
 re.exec = () => {
   if (i++ == 0) return { length: 2147483648 };
   return null;
 };
 "".replace(re);