Bug 1178033 - XDRBuffer: Replace isUint32Overflow by a simple check of the capacity max. r=luke
authorNicolas B. Pierron <nicolas.b.pierron@mozilla.com>
Mon, 17 Aug 2015 10:43:54 +0200
changeset 258023 e4b9e72f934f864375d03732d6923bb06f4e8d35
parent 258004 3bbd0d9291280d02bac1ed2e73298bc67b70cbda
child 258024 7c96ee5b37f3c1f2d97f08644557bc3b8fa15e3c
push id29241
push userkwierso@gmail.com
push dateTue, 18 Aug 2015 00:00:46 +0000
reviewersluke
bugs1178033
milestone43.0a1
Bug 1178033 - XDRBuffer: Replace isUint32Overflow by a simple check of the capacity max. r=luke
js/src/vm/Xdr.cpp
js/src/vm/Xdr.h
--- a/js/src/vm/Xdr.cpp
+++ b/js/src/vm/Xdr.cpp
@@ -25,26 +25,29 @@ XDRBuffer::freeBuffer()
 }
 
 bool
 XDRBuffer::grow(size_t n)
 {
     MOZ_ASSERT(n > size_t(limit - cursor));
 
     const size_t MIN_CAPACITY = 8192;
+    const size_t MAX_CAPACITY = size_t(INT32_MAX) + 1;
     size_t offset = cursor - base;
-    size_t newCapacity = mozilla::RoundUpPow2(offset + n);
-    if (newCapacity < MIN_CAPACITY)
-        newCapacity = MIN_CAPACITY;
-    if (isUint32Overflow(newCapacity)) {
+    MOZ_ASSERT(offset <= MAX_CAPACITY);
+    if (n > MAX_CAPACITY - offset) {
         js::gc::AutoSuppressGC suppressGC(cx());
         JS_ReportErrorNumber(cx(), GetErrorMessage, nullptr, JSMSG_TOO_BIG_TO_ENCODE);
         return false;
     }
+    size_t newCapacity = mozilla::RoundUpPow2(offset + n);
+    if (newCapacity < MIN_CAPACITY)
+        newCapacity = MIN_CAPACITY;
 
+    MOZ_ASSERT(newCapacity <= MAX_CAPACITY);
     void* data = js_realloc(base, newCapacity);
     if (!data) {
         ReportOutOfMemory(cx());
         return false;
     }
     base = static_cast<uint8_t*>(data);
     cursor = base + offset;
     limit = base + newCapacity;
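Review bot: The size check `if (n > MAX_CAPACITY - offset)` is only sound while `offset <= MAX_CAPACITY`, and that precondition is enforced solely by a `MOZ_ASSERT`, which is compiled out of release builds. If the invariant were ever broken there, the subtraction would wrap to a very large value, the check would pass for any `n`, and the `offset + n` handed to `mozilla::RoundUpPow2` could itself overflow before the `js_realloc` call. Folding the precondition into the runtime test costs nothing: `if (offset > MAX_CAPACITY || n > MAX_CAPACITY - offset) {`. A short comment on `MAX_CAPACITY` would also help, e.g. `// Power of two, so RoundUpPow2(offset + n) cannot exceed it once the check below passes.` The body of `XDRBuffer::grow` continues past the end of this hunk.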
--- a/js/src/vm/Xdr.h
+++ b/js/src/vm/Xdr.h
@@ -80,20 +80,16 @@ class XDRBuffer {
             if (!grow(n))
                 return nullptr;
         }
         uint8_t* ptr = cursor;
         cursor += n;
         return ptr;
     }
 
-    static bool isUint32Overflow(size_t n) {
-        return size_t(-1) > size_t(UINT32_MAX) && n > size_t(UINT32_MAX);
-    }
-
     void freeBuffer();
 
   private:
     bool grow(size_t n);
 
     JSContext*  const context;
     uint8_t*    base;
     uint8_t*    cursor;