mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-08-17 15:59:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibRegex: Avoid use-after-return of MatchState in 'is_an_eligible_jump'

Browse source 
The opcode may have last been accessed by
block_satisfies_atomic_rewrite_precondition, which would set it to a
state that no longer exists.
Set the state to the correct one unconditionally to ensure we're looking
at the right value.
Fixes #5145.
This commit is contained in:
Ali Mohammad Pur 2025-06-24 16:41:28 +02:00 committed by Jelle Raaijmakers
commit b0e471228d
Notes: github-actions[bot] 2025-06-24 16:44:28 +00:00
2 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Libraries/LibRegex/RegexByteCode.h
View file

@ -652,7 +652,7 @@ public:
ALWAYS_INLINE StringView name() const; ALWAYS_INLINE StringView name() const;
static StringView name(OpCodeId); static StringView name(OpCodeId);
ALWAYS_INLINE void set_state(MatchState& state) { m_state = &state; } ALWAYS_INLINE void set_state(MatchState const& state) { m_state = &state; }
ALWAYS_INLINE void set_bytecode(ByteCode& bytecode) { m_bytecode = &bytecode; } ALWAYS_INLINE void set_bytecode(ByteCode& bytecode) { m_bytecode = &bytecode; }
@ -673,7 +673,7 @@ public:
protected: protected:
ByteCode* m_bytecode { nullptr }; ByteCode* m_bytecode { nullptr };
MatchState* m_state { nullptr }; MatchState const* m_state { nullptr };
}; };
class OpCode_Exit final : public OpCode { class OpCode_Exit final : public OpCode {

5
Libraries/LibRegex/RegexOptimizer.cpp
View file

@ -1013,8 +1013,10 @@ void Regex<Parser>::attempt_rewrite_loops_as_atomic_groups(BasicBlockList const&
AlternateForm form; AlternateForm form;
}; };
Vector<CandidateBlock> candidate_blocks; Vector<CandidateBlock> candidate_blocks;
auto state = MatchState::only_for_enumeration();
auto is_an_eligible_jump = [](OpCode const& opcode, size_t ip, size_t block_start, AlternateForm alternate_form) { auto is_an_eligible_jump = [&state](OpCode& opcode, size_t ip, size_t block_start, AlternateForm alternate_form) {
opcode.set_state(state);
switch (opcode.opcode_id()) { switch (opcode.opcode_id()) {
case OpCodeId::JumpNonEmpty: { case OpCodeId::JumpNonEmpty: {
auto const& op = static_cast<OpCode_JumpNonEmpty const&>(opcode); auto const& op = static_cast<OpCode_JumpNonEmpty const&>(opcode);
@ -1049,7 +1051,6 @@ void Regex<Parser>::attempt_rewrite_loops_as_atomic_groups(BasicBlockList const&
Optional<Block> fork_fallback_block; Optional<Block> fork_fallback_block;
if (i + 1 < basic_blocks.size()) if (i + 1 < basic_blocks.size())
fork_fallback_block = basic_blocks[i + 1]; fork_fallback_block = basic_blocks[i + 1];
auto state = MatchState::only_for_enumeration();
// Check if the last instruction in this block is a jump to the block itself: // Check if the last instruction in this block is a jump to the block itself:
{ {
state.instruction_position = forking_block.end; state.instruction_position = forking_block.end;