author | Nicolas B. Pierron <nicolas.b.pierron@mozilla.com> |
Mon, 17 Aug 2015 10:43:54 +0200 (2015-08-17) | |
changeset 258023 | e4b9e72f934f864375d03732d6923bb06f4e8d35 |
parent 258004 | 3bbd0d9291280d02bac1ed2e73298bc67b70cbda |
child 258024 | 7c96ee5b37f3c1f2d97f08644557bc3b8fa15e3c |
push id | 29241 |
push user | kwierso@gmail.com |
push date | Tue, 18 Aug 2015 00:00:46 +0000 (2015-08-18) |
treeherder | mozilla-central@6ae3e9ff53b2 [default view] [failures only] |
perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
reviewers | luke |
bugs | 1178033 |
milestone | 43.0a1 |
first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
js/src/vm/Xdr.cpp | file | annotate | diff | comparison | revisions | |
js/src/vm/Xdr.h | file | annotate | diff | comparison | revisions |
--- a/js/src/vm/Xdr.cpp +++ b/js/src/vm/Xdr.cpp @@ -25,26 +25,29 @@ XDRBuffer::freeBuffer() } bool XDRBuffer::grow(size_t n) { MOZ_ASSERT(n > size_t(limit - cursor)); const size_t MIN_CAPACITY = 8192; + const size_t MAX_CAPACITY = size_t(INT32_MAX) + 1; size_t offset = cursor - base; - size_t newCapacity = mozilla::RoundUpPow2(offset + n); - if (newCapacity < MIN_CAPACITY) - newCapacity = MIN_CAPACITY; - if (isUint32Overflow(newCapacity)) { + MOZ_ASSERT(offset <= MAX_CAPACITY); + if (n > MAX_CAPACITY - offset) { js::gc::AutoSuppressGC suppressGC(cx()); JS_ReportErrorNumber(cx(), GetErrorMessage, nullptr, JSMSG_TOO_BIG_TO_ENCODE); return false; } + size_t newCapacity = mozilla::RoundUpPow2(offset + n); + if (newCapacity < MIN_CAPACITY) + newCapacity = MIN_CAPACITY; + MOZ_ASSERT(newCapacity <= MAX_CAPACITY); void* data = js_realloc(base, newCapacity); if (!data) { ReportOutOfMemory(cx()); return false; } base = static_cast<uint8_t*>(data); cursor = base + offset; limit = base + newCapacity;
--- a/js/src/vm/Xdr.h +++ b/js/src/vm/Xdr.h @@ -80,20 +80,16 @@ class XDRBuffer { if (!grow(n)) return nullptr; } uint8_t* ptr = cursor; cursor += n; return ptr; } - static bool isUint32Overflow(size_t n) { - return size_t(-1) > size_t(UINT32_MAX) && n > size_t(UINT32_MAX); - } - void freeBuffer(); private: bool grow(size_t n); JSContext* const context; uint8_t* base; uint8_t* cursor;