Closed Bug 1596298 Opened 5 years ago Closed 5 years ago

[wpt-sync] Sync PR 20245 - Limit backtracking on regexp called from blink.

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla73

Tracking Flags:

Tracking

Status

firefox73

---

fixed

People

(Reporter: mozilla.org, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream])

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Description

•

5 years ago

Sync web-platform-tests PR 20245 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/20245
Details from upstream follow.

Dave Tapuska <dtapuska@chromium.org> wrote:

Limit backtracking on regexp called from blink.

It is possible to block the main thread with a invalid pattern, input
and CSS. Now that V8 has added a backtracking limit take advantage of it.
1000000 matches the limit Yarr (webkit's regex engine). See
https://github.com/WebKit/webkit/blob/89c28d471fae35f1788a0f857067896a10af8974/Source/JavaScriptCore/yarr/Yarr.h#L50

BUG=966405

Change-Id: I08bc956806bc7efb8cdc06dc0db30fa94e68df9c
Reviewed-on: https://chromium-review.googlesource.com/1915280
WPT-Export-Revision: 3ecd6e7b7d8c9db0e906654f2fa9d3acc9ffa232

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Updated

•

5 years ago

Component: web-platform-tests → DOM: Core & HTML

Product: Testing → Core

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Updated

•

5 years ago

Status: NEW → RESOLVED

Closed: 5 years ago

Resolution: --- → INVALID

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Updated

•

5 years ago

Status: RESOLVED → REOPENED

Resolution: INVALID → ---

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Comment 1

•

5 years ago

Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=290c2f7578246811a56cf70829213c14a0731ab4

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Comment 2

•

5 years ago

GitHub CI Results

wpt.fyi PR Results Base Results

Ran 1 tests and 1 subtests

Firefox

TIMEOUT: 1

Chrome

OK : 1
PASS: 1

Safari

OK : 1
PASS: 1

Firefox-only failures

/html/semantics/forms/constraints/infinite_backtracking.html: Firefox: TIMEOUT
Infinite backtracking pattern terminates: Firefox: MISSING

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Updated

•

5 years ago

Depends on: 1600603

Pulsebot

Comment 3

•

5 years ago

Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/cd9ec693cb90 [wpt PR 20245] - Limit backtracking on regexp called from blink., a=testonly https://hg.mozilla.org/integration/autoland/rev/80a50ffb2d2d [wpt PR 20245] - Update wpt metadata, a=testonly

Andreea Pavel [:apavel]

Comment 4

•

5 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/cd9ec693cb90
https://hg.mozilla.org/mozilla-central/rev/80a50ffb2d2d

Status: REOPENED → RESOLVED

Closed: 5 years ago → 5 years ago

status-firefox73: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla73

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

[wpt-sync] Sync PR 20245 - Limit backtracking on regexp called from blink.

Categories

(Core :: DOM: Core & HTML, task, P4)

Tracking

()

People

(Reporter: mozilla.org, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream])

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Comment 1

Comment 2

GitHub CI Results

Firefox

Chrome

Safari

Firefox-only failures

Updated

Comment 3

Comment 4