diff options
| author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-05-05 15:22:25 +0200 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-05-05 15:22:44 +0200 |
| commit | 4f62685dfa09d64a8fcd2de9ed0adb7fe5747b78 (patch) | |
| tree | 9dc9c3ba8ab461f7ee3d444222246be5ed55ae3f /chromium/v8/src/regexp/regexp-utils.cc | |
| parent | 19de26b7efd6b993f2af26cf435f04c716d3f5bc (diff) | |
| parent | bb09965444b5bb20b096a291445170876225268d (diff) | |
| download | qtwebengine-chromium-4f62685dfa09d64a8fcd2de9ed0adb7fe5747b78.tar.gz | |
Merge branch 'upstream-master' into 58-based
Change-Id: I8c280ca9068fdda9cf6276725bfb8608eccb497a
Diffstat (limited to 'chromium/v8/src/regexp/regexp-utils.cc')
| -rw-r--r-- | chromium/v8/src/regexp/regexp-utils.cc | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/chromium/v8/src/regexp/regexp-utils.cc b/chromium/v8/src/regexp/regexp-utils.cc index d40431866a3..570a348f74a 100644 --- a/chromium/v8/src/regexp/regexp-utils.cc +++ b/chromium/v8/src/regexp/regexp-utils.cc @@ -145,7 +145,14 @@ bool RegExpUtils::IsUnmodifiedRegExp(Isolate* isolate, Handle<Object> obj) { if (!proto->IsJSReceiver()) return false; Handle<Map> initial_proto_initial_map = isolate->regexp_prototype_map(); - return (JSReceiver::cast(proto)->map() == *initial_proto_initial_map); + if (JSReceiver::cast(proto)->map() != *initial_proto_initial_map) { + return false; + } + + // The smi check is required to omit ToLength(lastIndex) calls with possible + // user-code execution on the fast path. + Object* last_index = JSRegExp::cast(recv)->LastIndex(); + return last_index->IsSmi() && Smi::cast(last_index)->value() >= 0; } int RegExpUtils::AdvanceStringIndex(Isolate* isolate, Handle<String> string, |