From b602433d5244c01d5474b5e7354d576e67f83634 Mon Sep 17 00:00:00 2001 From: Peter Gal Date: Tue, 19 May 2020 16:26:16 +0200 Subject: [PATCH] Fix regexp flag handling in case of regexp like object The regexp flag should be correctly referenced and released if an existing regexp like object is used for constructing a new one. JerryScript-DCO-1.0-Signed-off-by: Peter Gal pgal.usz@partner.samsung.com --- .../builtin-objects/ecma-builtin-regexp.c | 40 ++++++++----------- .../es2015/regression-test-issue-3760.js | 22 ++++++++++ 2 files changed, 39 insertions(+), 23 deletions(-) create mode 100644 tests/jerry/es2015/regression-test-issue-3760.js diff --git a/jerry-core/ecma/builtin-objects/ecma-builtin-regexp.c b/jerry-core/ecma/builtin-objects/ecma-builtin-regexp.c index f50989a7d6..f526b9c991 100644 --- a/jerry-core/ecma/builtin-objects/ecma-builtin-regexp.c +++ b/jerry-core/ecma/builtin-objects/ecma-builtin-regexp.c @@ -136,6 +136,10 @@ ecma_builtin_regexp_dispatch_helper (const ecma_value_t *arguments_list_p, /**< return flags_value; } } + else + { + flags_value = ecma_copy_value (flags_value); + } free_arguments = true; } @@ -151,35 +155,30 @@ ecma_builtin_regexp_dispatch_helper (const ecma_value_t *arguments_list_p, /**< } #endif /* ENABLED (JERRY_ES2015) */ + ecma_value_t ret_value = ECMA_VALUE_ERROR; ecma_object_t *new_target_obj_p = ecma_op_regexp_alloc (new_target_p); - if (JERRY_UNLIKELY (new_target_obj_p == NULL)) + if (JERRY_LIKELY (new_target_obj_p != NULL)) { #if ENABLED (JERRY_ES2015) - if (free_arguments) + if (create_regexp_from_bc) { - ecma_free_value (pattern_value); - ecma_free_value (flags_value); + ret_value = ecma_op_create_regexp_from_bytecode (new_target_obj_p, bc_p); + JERRY_ASSERT (!ECMA_IS_VALUE_ERROR (ret_value)); } + else #endif /* ENABLED (JERRY_ES2015) */ + { + ret_value = ecma_op_create_regexp_from_pattern (new_target_obj_p, pattern_value, flags_value); - return ECMA_VALUE_ERROR; + if (ECMA_IS_VALUE_ERROR (ret_value)) + { + ecma_deref_object (new_target_obj_p); + } + } } - ecma_value_t ret_value; - #if ENABLED (JERRY_ES2015) - if (create_regexp_from_bc) - { - ret_value = ecma_op_create_regexp_from_bytecode (new_target_obj_p, bc_p); - } - else - { -#endif /* ENABLED (JERRY_ES2015) */ - ret_value = ecma_op_create_regexp_from_pattern (new_target_obj_p, pattern_value, flags_value); -#if ENABLED (JERRY_ES2015) - } - if (free_arguments) { ecma_free_value (pattern_value); @@ -187,11 +186,6 @@ ecma_builtin_regexp_dispatch_helper (const ecma_value_t *arguments_list_p, /**< } #endif /* ENABLED (JERRY_ES2015) */ - if (ECMA_IS_VALUE_ERROR (ret_value)) - { - ecma_deref_object (new_target_obj_p); - } - return ret_value; } /* ecma_builtin_regexp_dispatch_helper */ diff --git a/tests/jerry/es2015/regression-test-issue-3760.js b/tests/jerry/es2015/regression-test-issue-3760.js new file mode 100644 index 0000000000..c5a676020e --- /dev/null +++ b/tests/jerry/es2015/regression-test-issue-3760.js @@ -0,0 +1,22 @@ +// Copyright JS Foundation and other contributors, http://js.foundation +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +var split = RegExp.prototype[Symbol.split]; + +try { + split.call({[Symbol.match]: "g"}); + assert(false); +} catch (ex) { + assert(ex instanceof SyntaxError); +}