Bug 617505 - Don't OOM so easily growing dense arrays, r=gal
authorGregor Wagner <anygregor@gmail.com>
Wed, 08 Dec 2010 16:34:38 -0800
changeset 59001 aa1d2555b057e425605094e065501b678a09c84c
parent 59000 49f6b73ae373fc6fa432d458e56a456cbeb17a3b
child 59002 8220ab3cbe995be4de5e8e213914669101a1f609
push id17488
push userrsayre@mozilla.com
push dateThu, 09 Dec 2010 18:38:23 +0000
reviewersgal
bugs617505
milestone2.0b8pre
Bug 617505 - Don't OOM so easily growing dense arrays, r=gal
js/src/jscntxt.h
js/src/jsobj.cpp
--- a/js/src/jscntxt.h
+++ b/js/src/jscntxt.h
@@ -1651,16 +1651,23 @@ struct JSRuntime {
      * reporting OOM error when cx is not null.
      */
     void* calloc(size_t bytes, JSContext *cx = NULL) {
         updateMallocCounter(bytes);
         void *p = ::js_calloc(bytes);
         return JS_LIKELY(!!p) ? p : onOutOfMemory(reinterpret_cast<void *>(1), bytes, cx);
     }
 
+    void* realloc(void* p, size_t oldBytes, size_t newBytes, JSContext *cx = NULL) {
+        JS_ASSERT(oldBytes < newBytes);
+        updateMallocCounter(newBytes - oldBytes);
+        void *p2 = ::js_realloc(p, newBytes);
+        return JS_LIKELY(!!p2) ? p2 : onOutOfMemory(p, newBytes, cx);
+    }
+
     void* realloc(void* p, size_t bytes, JSContext *cx = NULL) {
         /*
          * For compatibility we do not account for realloc that increases
          * previously allocated memory.
          */
         if (!p)
             updateMallocCounter(bytes);
         void *p2 = ::js_realloc(p, bytes);
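Review bot: The new four-argument `JSRuntime::realloc` protects `newBytes - oldBytes` only with `JS_ASSERT(oldBytes < newBytes)`, which is presumably compiled out of release builds. A caller passing equal or shrinking sizes there would wrap the unsigned subtraction and hand `updateMallocCounter` a value near the top of the `size_t` range. Consider clamping in the function itself, e.g. `updateMallocCounter(newBytes > oldBytes ? newBytes - oldBytes : 0);`, or at least add a comment above it saying the overload is for growth only and takes byte counts in old, new order. The `JSContext::realloc(p, oldBytes, newBytes)` wrapper added in the next hunk inherits the same undocumented precondition. Separately, both overloads now default `cx` to NULL, so a call written as `realloc(p, n, NULL)` may become ambiguous or bind the constant to `newBytes`; existing three-argument callers are worth checking.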
@@ -2290,16 +2297,20 @@ struct JSContext
         JS_ASSERT(bytes != 0);
         return runtime->calloc(bytes, this);
     }
 
     inline void* realloc(void* p, size_t bytes) {
         return runtime->realloc(p, bytes, this);
     }
 
+    inline void* realloc(void* p, size_t oldBytes, size_t newBytes) {
+        return runtime->realloc(p, oldBytes, newBytes, this);
+    }
+
     inline void free(void* p) {
 #ifdef JS_THREADSAFE
         if (gcBackgroundFree) {
             gcBackgroundFree->freeLater(p);
             return;
         }
 #endif
         runtime->free(p);
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -3934,17 +3934,17 @@ JSObject::growSlots(JSContext *cx, size_
         JS_ReportOutOfMemory(cx);
         return false;
     }
 
     /* If nothing was allocated yet, treat it as initial allocation. */
     if (!hasSlotsArray())
         return allocSlots(cx, actualCapacity);
 
-    Value *tmpslots = (Value*) cx->realloc(slots, actualCapacity * sizeof(Value));
+    Value *tmpslots = (Value*) cx->realloc(slots, oldcap * sizeof(Value), actualCapacity * sizeof(Value));
     if (!tmpslots)
         return false;    /* Leave dslots as its old size. */
     slots = tmpslots;
     capacity = actualCapacity;
 
     /* Initialize the additional slots we added. */
     ClearValueRange(slots + oldcap, actualCapacity - oldcap, isDenseArray());
     return true;
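Review bot: The new call in `growSlots` depends on `oldcap < actualCapacity`, but nothing visible in this hunk establishes it. The only check is the debug assertion inside the new `realloc` overload, far from the code that computes the capacities. `growSlots` begins above the hunk, so the relation may already be guaranteed there. If it is, a local `JS_ASSERT(oldcap < actualCapacity);` just before the call would keep the invariant next to the two `* sizeof(Value)` products and the `actualCapacity - oldcap` passed to `ClearValueRange`. The failure comment `/* Leave dslots as its old size. */` also still names `dslots`, although the member being grown is `slots`.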