Bug 1542982 - Reject nursery sizes over 128MB r=jonco
authorPaul Bone <pbone@mozilla.com>
Wed, 17 Apr 2019 10:24:30 +0000
changeset 469857 a0eb669e2d77cd005c0da54375f8994f9e353c91
parent 469856 cdaa316e08f54ac8dc5efd6003f15365d6289d0f
child 469858 6b754628d15922d6f564ea222fbb0d90135e25a9
push id35883
push userbtara@mozilla.com
push dateWed, 17 Apr 2019 21:47:29 +0000
reviewersjonco
bugs1542982
milestone68.0a1
Bug 1542982 - Reject nursery sizes over 128MB r=jonco Differential Revision: https://phabricator.services.mozilla.com/D26849
js/src/gc/GC.cpp
js/src/jit-test/tests/gc/bug-1542279.js
js/src/jit-test/tests/gc/bug-1542982.js
--- a/js/src/gc/GC.cpp
+++ b/js/src/gc/GC.cpp
@@ -1395,32 +1395,34 @@ bool GCRuntime::setParameter(JSGCParamKe
 
   return true;
 }
 
 bool GCSchedulingTunables::setParameter(JSGCParamKey key, uint32_t value,
                                         const AutoLockGC& lock) {
   // Limit heap growth factor to one hundred times size of current heap.
   const float MaxHeapGrowthFactor = 100;
+  const size_t MaxNurseryBytes = 128 * 1024 * 1024;
 
   switch (key) {
     case JSGC_MAX_BYTES:
       gcMaxBytes_ = value;
       break;
     case JSGC_MIN_NURSERY_BYTES:
       if ((value > gcMaxNurseryBytes_ && gcMaxNurseryBytes_ != 0) ||
-          value < ArenaSize) {
+          value < ArenaSize || value >= MaxNurseryBytes) {
         // We make an exception for gcMaxNurseryBytes_ == 0 since that special
         // value is used to disable generational GC.
         return false;
       }
       gcMinNurseryBytes_ = value;
       break;
     case JSGC_MAX_NURSERY_BYTES:
-      if ((value < gcMinNurseryBytes_) && (value != 0)) {
+      if (((value < gcMinNurseryBytes_) && (value != 0)) ||
+          value >= MaxNurseryBytes) {
         // Note that we make an exception for value == 0 as above.
         return false;
       }
       gcMaxNurseryBytes_ = value;
       break;
     case JSGC_HIGH_FREQUENCY_TIME_LIMIT:
       highFrequencyThreshold_ = TimeDuration::FromMilliseconds(value);
       break;
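Review bot: Both new bounds use `value >= MaxNurseryBytes`, in the JSGC_MIN_NURSERY_BYTES and JSGC_MAX_NURSERY_BYTES cases, so a request for exactly 128MB is rejected even though the commit title says sizes over 128MB are rejected. If the limit is meant to be exclusive, document it at the declaration, for example `// Nursery sizes must be strictly below 128MB.`; otherwise both comparisons should be `value > MaxNurseryBytes`. The constant also carries no comment on why the cap exists, unlike MaxHeapGrowthFactor on the line above it, and the existing "exception for 0" comments do not mention the new clause that shares their condition. The body of setParameter continues past the end of this hunk.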
--- a/js/src/jit-test/tests/gc/bug-1542279.js
+++ b/js/src/jit-test/tests/gc/bug-1542279.js
@@ -1,8 +1,13 @@
 
-gcparam('maxNurseryBytes', 2 ** 32 - 1);
+load(libdir + "asserts.js");
+
+assertErrorMessage(
+  () => gcparam('maxNurseryBytes', 2 ** 32 - 1),
+  Error,
+  "Parameter value out of range");
 gc()
 
 gcparam('minNurseryBytes', 32*1024);
 gcparam('maxNurseryBytes', 64*1024);
 gc()
 
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/gc/bug-1542982.js
@@ -0,0 +1,20 @@
+
+load(libdir + "asserts.js");
+
+assertErrorMessage(
+  () => gcparam('minNurseryBytes', 0),
+  Error,
+  "Parameter value out of range");
+
+assertErrorMessage(
+  () => gcparam('maxNurseryBytes', 256*1024*1024),
+  Error,
+  "Parameter value out of range");
+
+// This is both bigger than the maximum and out of range. but there's no way
+// to test out of range without testing bigger than the maximum.
+assertErrorMessage(
+  () => gcparam('minNurseryBytes', 256*1024*1024),
+  Error,
+  "Parameter value out of range");
+
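Review bot: Every out-of-range case in this new file uses 256MB, so nothing pins the behaviour at the limit itself, and a later switch between `>=` and `>` in GC.cpp would pass these tests unnoticed. Adding a case such as `assertErrorMessage(() => gcparam('maxNurseryBytes', 128*1024*1024), Error, "Parameter value out of range");` would fix the boundary in place. The comment before the last case is also hard to read: "the maximum" presumably means the currently configured maxNurseryBytes and "out of range" the new 128MB cap, so it could say `// 256MB exceeds both the configured maxNurseryBytes and the 128MB cap; the two checks cannot be separated here.`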