Mercurial > mozilla-central / changeset / e4b9e72f934f864375d03732d6923bb06f4e8d35
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1178033 - XDRBuffer: Replace isUint32Overflow by a simple check of the capacity max. r=luke
authorNicolas B. Pierron <nicolas.b.pierron@mozilla.com>
Mon, 17 Aug 2015 10:43:54 +0200
changeset 258023 e4b9e72f934f864375d03732d6923bb06f4e8d35
parent 258004 3bbd0d9291280d02bac1ed2e73298bc67b70cbda
child 258024 7c96ee5b37f3c1f2d97f08644557bc3b8fa15e3c
push id29241
push userkwierso@gmail.com
push dateTue, 18 Aug 2015 00:00:46 +0000
treeherdermozilla-central@6ae3e9ff53b2 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersluke
bugs1178033
milestone43.0a1
first release with
nightly linux32
90d9b7c391d3 / 43.0a1 / 20150818030209 / files
nightly linux64
90d9b7c391d3 / 43.0a1 / 20150818030209 / files
nightly mac
90d9b7c391d3 / 43.0a1 / 20150818030209 / files
nightly win32
90d9b7c391d3 / 43.0a1 / 20150818030209 / files
nightly win64
90d9b7c391d3 / 43.0a1 / 20150818030209 / files
last release without
nightly linux32
2ddfc9180971 / 43.0a1 / 20150816030217 / files
nightly linux64
2ddfc9180971 / 43.0a1 / 20150816030217 / files
nightly mac
2ddfc9180971 / 43.0a1 / 20150816030217 / files
nightly win32
2ddfc9180971 / 43.0a1 / 20150816030217 / files
nightly win64
2ddfc9180971 / 43.0a1 / 20150816030217 / files
Bug 1178033 - XDRBuffer: Replace isUint32Overflow by a simple check of the capacity max. r=luke
js/src/vm/Xdr.cpp file | annotate | diff | comparison | revisions
js/src/vm/Xdr.h file | annotate | diff | comparison | revisions 
--- a/js/src/vm/Xdr.cpp
+++ b/js/src/vm/Xdr.cpp
@@ -25,26 +25,29 @@ XDRBuffer::freeBuffer()
 }
 
 bool
 XDRBuffer::grow(size_t n)
 {
     MOZ_ASSERT(n > size_t(limit - cursor));
 
     const size_t MIN_CAPACITY = 8192;
+    const size_t MAX_CAPACITY = size_t(INT32_MAX) + 1;
     size_t offset = cursor - base;
-    size_t newCapacity = mozilla::RoundUpPow2(offset + n);
-    if (newCapacity < MIN_CAPACITY)
-        newCapacity = MIN_CAPACITY;
-    if (isUint32Overflow(newCapacity)) {
+    MOZ_ASSERT(offset <= MAX_CAPACITY);
+    if (n > MAX_CAPACITY - offset) {
         js::gc::AutoSuppressGC suppressGC(cx());
         JS_ReportErrorNumber(cx(), GetErrorMessage, nullptr, JSMSG_TOO_BIG_TO_ENCODE);
         return false;
     }
+    size_t newCapacity = mozilla::RoundUpPow2(offset + n);
+    if (newCapacity < MIN_CAPACITY)
+        newCapacity = MIN_CAPACITY;
 
+    MOZ_ASSERT(newCapacity <= MAX_CAPACITY);
     void* data = js_realloc(base, newCapacity);
     if (!data) {
         ReportOutOfMemory(cx());
         return false;
     }
     base = static_cast<uint8_t*>(data);
     cursor = base + offset;
     limit = base + newCapacity;
--- a/js/src/vm/Xdr.h
+++ b/js/src/vm/Xdr.h
@@ -80,20 +80,16 @@ class XDRBuffer {
             if (!grow(n))
                 return nullptr;
         }
         uint8_t* ptr = cursor;
         cursor += n;
         return ptr;
     }
 
-    static bool isUint32Overflow(size_t n) {
-        return size_t(-1) > size_t(UINT32_MAX) && n > size_t(UINT32_MAX);
-    }
-
     void freeBuffer();
 
   private:
     bool grow(size_t n);
 
     JSContext*  const context;
     uint8_t*    base;
     uint8_t*    cursor;
mozilla-central
Deployed from cd14589c8543 at 2019-06-06T16:32:02Z.