From f7813172c2a6dd32abd154548d5ad13200b0bef7 Mon Sep 17 00:00:00 2001 From: Dmitry Volyntsev Date: Fri, 6 Oct 2023 16:51:53 -0700 Subject: [PATCH] Fixed RegExp.prototype.replace(). The issue was introduced in cf85d0f8640a. --- src/njs_regexp.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/njs_regexp.c b/src/njs_regexp.c index 839fc8de..970041d6 100644 --- a/src/njs_regexp.c +++ b/src/njs_regexp.c @@ -1541,10 +1541,6 @@ njs_regexp_prototype_symbol_replace(njs_vm_t *vm, njs_value_t *args, arguments, ncaptures, &groups, replace, retval); - if (njs_object_slots(r)) { - njs_regexp_exec_result_free(vm, njs_array(r)); - } - } else { ret = njs_array_expand(vm, array, 0, njs_is_defined(&groups) ? 3 : 2); @@ -1586,6 +1582,15 @@ njs_regexp_prototype_symbol_replace(njs_vm_t *vm, njs_value_t *args, next_pos = pos + (int64_t) m.length; } + + if (!func_replace && njs_object_slots(r)) { + /* + * Doing free here ONLY for non-function replace, because + * otherwise we cannot be certain the result of match + * was not stored elsewhere. + */ + njs_regexp_exec_result_free(vm, njs_array(r)); + } } if (next_pos < (int64_t) s.size) { -- 2.47.3