Bug 248809 - Inconsistent output compared with other JS engines when using RegExp.prototype.exec()
Summary: Inconsistent output compared with other JS engines when using RegExp.prototyp...
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: BrowserCompat, InRadar
Depends on:
Blocks:
 
Reported: 2022-12-05 22:59 PST by Yeting Li
Modified: 2023-03-13 13:33 PDT (History)
4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yeting Li 2022-12-05 22:59:46 PST 
Hello,

The code below does not have the same behavior as other engines (e.g., V8 in Google Chrome and SpiderMonkey in Firefox).

var regex=/([A-z]?\w{0,7})+(?:\1)/
console.log(regex.exec("DzVoQoowXSmB5QNFySmB5QNFy"))

In JavaScriptCore, the output is
null

However, in V8 and SpiderMonkey, output is
["DzVoQoowXSmB5QNFySmB5QNFy", "SmB5QNFy"]



Best,
Yeting Li
Comment 1 Radar WebKit Bug Importer 2022-12-07 19:52:08 PST 
<rdar://problem/103101546>
Comment 2 Michael Saboff 2023-03-13 13:33:45 PDT 
Is there a webpage that has a webpage with a RegExp with this pattern?

The regex in question fails in the JSC RegExp JIT due to running out of memory for handling the greedy parenthesis backtracking and then the iRegExp interpreter tries the match exceeding the 1,000,000 maximum disjunction match count.

If the RegExp is minimum count for the word character is changed from 0 to 1, the match succeeds in the JIT.  e.g. regex=/([A-z]?\w{1,7})+(?:\1)/

There still may be a bug here.  I will investigate further.