From 24f53274ae2a037f6455baa366e2665d6e3e620b Mon Sep 17 00:00:00 2001
From: Ulf Hermann <ulf.hermann@qt.io>
Date: Mon, 9 Dec 2024 14:58:03 +0100
Subject: QtQml: Re-fix regular expressions with multiple matches

We should only bump the previous match if it was of size 0. Otherwise
oldSize + 1 is already one-past-end.

Amends commit 9d9413f3d3983b1d24fd878da14eed153e83cbaa.

Pick-to: 6.9 6.8 6.5
Fixes: QTBUG-132050
Change-Id: I5d6e85143723a2695c639109b68ee8df7d0fef50
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
Reviewed-by: <carl@carlschwan.eu>
---
 src/qml/jsruntime/qv4stringobject.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'src/qml/jsruntime/qv4stringobject.cpp')

diff --git a/src/qml/jsruntime/qv4stringobject.cpp b/src/qml/jsruntime/qv4stringobject.cpp
index f7c7eae199..e4aacc3d2a 100644
--- a/src/qml/jsruntime/qv4stringobject.cpp
+++ b/src/qml/jsruntime/qv4stringobject.cpp
@@ -778,7 +778,14 @@ ReturnedValue StringPrototype::method_replace(const FunctionObject *b, const Val
             nMatchOffsets += re->captureCount() * 2;
             if (!regExp->global())
                 break;
-            offset = qMax(offset, matchOffsets[oldSize + 1])  + 1;
+
+            const uint matchBegin = matchOffsets[oldSize];
+            const uint matchEnd = matchOffsets[oldSize + 1];
+
+            // If we have a zero-sized match, don't match at the same place again.
+            const uint matchOffset = (matchBegin == matchEnd) ? matchEnd + 1 : matchEnd;
+
+            offset = std::max(offset + 1, matchOffset);
         }
         if (regExp->global()) {
             regExp->setLastIndex(0);
-- 
cgit v1.2.3