Bug 1177122 - handle OOM in JSStructuredCloneWriter destructor. r=evilpie
authorLars T Hansen <lhansen@mozilla.com>
Thu, 08 Oct 2015 10:25:23 +0100
changeset 266835 b31170d704caf2bb09c184b5655a6165a4469273
parent 266834 50ca52df7917edaace23e214dbf7a237fbd36439
child 266836 48a3c0d344578db5be0253037011d9fc59d8d10b
push id29499
push userkwierso@gmail.com
push dateThu, 08 Oct 2015 21:29:10 +0000
treeherdermozilla-central@46da59584acb [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersevilpie
bugs1177122
milestone44.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1177122 - handle OOM in JSStructuredCloneWriter destructor. r=evilpie
js/src/vm/StructuredClone.cpp
--- a/js/src/vm/StructuredClone.cpp
+++ b/js/src/vm/StructuredClone.cpp
@@ -729,19 +729,23 @@ SCOutput::extractBuffer(uint64_t** datap
 
 JS_STATIC_ASSERT(JSString::MAX_LENGTH < UINT32_MAX);
 
 JSStructuredCloneWriter::~JSStructuredCloneWriter()
 {
     // Free any transferable data left lying around in the buffer
     uint64_t* data;
     size_t size;
-    MOZ_ALWAYS_TRUE(extractBuffer(&data, &size));
-    DiscardTransferables(data, size, callbacks, closure);
-    js_free(data);
+    {
+        AutoEnterOOMUnsafeRegion oomUnsafe;
+        if (!extractBuffer(&data, &size))
+            oomUnsafe.crash("Unable to extract clone buffer");
+        DiscardTransferables(data, size, callbacks, closure);
+        js_free(data);
+    }
 }
 
 bool
 JSStructuredCloneWriter::parseTransferable()
 {
     MOZ_ASSERT(transferableObjects.empty(), "parseTransferable called with stale data");
 
     if (transferable.isNull() || transferable.isUndefined())