Fix totally wrong OOM handling in MapObject.cpp. Bug 726218, r=luke.
authorJason Orendorff <jorendorff@mozilla.com>
Thu, 01 Mar 2012 09:01:45 -0600
changeset 88091 e8ed99cae455c8bbe1f1a32cfa56398da5902fba
parent 88090 4d9810a2c2b587a52cf9da229ad7a8f5f8401d69
child 88092 502b21011c3ef66c86218dd7f4687cbdc952d84f
push id22171
push usermak77@bonardo.net
push dateFri, 02 Mar 2012 13:56:30 +0000
reviewersluke
bugs726218
milestone13.0a1
Fix totally wrong OOM handling in MapObject.cpp. Bug 726218, r=luke.
js/src/builtin/MapObject.cpp
--- a/js/src/builtin/MapObject.cpp
+++ b/js/src/builtin/MapObject.cpp
@@ -204,18 +204,22 @@ MapObject::finalize(JSContext *cx, JSObj
 JSBool
 MapObject::construct(JSContext *cx, unsigned argc, Value *vp)
 {
     JSObject *obj = NewBuiltinClassInstance(cx, &class_);
     if (!obj)
         return false;
 
     ValueMap *map = cx->new_<ValueMap>(cx->runtime);
-    if (!map || !map->init())
+    if (!map)
         return false;
+    if (!map->init()) {
+        js_ReportOutOfMemory(cx);
+        return false;
+    }
     obj->setPrivate(map);
 
     CallArgsFromVp(argc, vp).rval().setObject(*obj);
     return true;
 }
 
 #define UNPACK_THIS(T, native, cx, argc, vp, args, data)                      \
     CallArgs args = CallArgsFromVp(argc, vp);                                 \
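Review bot: In MapObject::construct the new `if (!map->init())` branch returns before `obj->setPrivate(map)`, so the freshly allocated `ValueMap` is no longer reachable from `obj` and nothing visible in this hunk frees it. Each failed construction under memory pressure therefore leaks the table, which makes an already low-memory situation worse. Release it before reporting, with whatever deallocator pairs with `cx->new_` (presumably `cx->delete_(map);` placed just ahead of `js_ReportOutOfMemory(cx);`, to be confirmed against the finalizer). SetObject::construct has the same shape with `set` in the later hunk. A short comment on the bare `if (!map) return false;` stating whether `cx->new_` has already reported the failure would also explain why only one of the two branches calls `js_ReportOutOfMemory`.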
@@ -262,17 +266,20 @@ MapObject::has(JSContext *cx, unsigned a
     return true;
 }
 
 JSBool
 MapObject::set(JSContext *cx, unsigned argc, Value *vp)
 {
     THIS_MAP(set, cx, argc, vp, args, map);
     ARG0_KEY(cx, args, key);
-    map.put(key, args.length() > 1 ? args[1] : UndefinedValue());
+    if (!map.put(key, args.length() > 1 ? args[1] : UndefinedValue())) {
+        js_ReportOutOfMemory(cx);
+        return false;
+    }
     args.rval().setUndefined();
     return true;
 }
 
 JSBool
 MapObject::delete_(JSContext *cx, unsigned argc, Value *vp)
 {
     THIS_MAP(delete_, cx, argc, vp, args, map);
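Review bot: Nothing at the `map.put(...)` call in MapObject::set says why the failure has to be reported by hand, which is the very detail the old code got wrong. The table is constructed with `cx->runtime` rather than `cx` in construct(), which suggests an allocation policy that does not report on its own; if that is right, a one-line comment such as `// ValueMap allocates through the runtime, so OOM is not reported for us.` above the check would stop a later cleanup from dropping the report again. The same comment fits the `set.put(key)` check in SetObject::add. A regression test that forces allocation failure in these four paths would pin the behaviour, if the test harness has a way to inject it.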
@@ -351,18 +358,22 @@ SetObject::finalize(JSContext *cx, JSObj
 JSBool
 SetObject::construct(JSContext *cx, unsigned argc, Value *vp)
 {
     JSObject *obj = NewBuiltinClassInstance(cx, &class_);
     if (!obj)
         return false;
 
     ValueSet *set = cx->new_<ValueSet>(cx->runtime);
-    if (!set || !set->init())
+    if (!set)
         return false;
+    if (!set->init()) {
+        js_ReportOutOfMemory(cx);
+        return false;
+    }
     obj->setPrivate(set);
 
     CallArgsFromVp(argc, vp).rval().setObject(*obj);
     return true;
 }
 
 #define THIS_SET(native, cx, argc, vp, args, set)                             \
     UNPACK_THIS(SetObject, native, cx, argc, vp, args, set)
@@ -376,18 +387,20 @@ SetObject::has(JSContext *cx, unsigned a
     return true;
 }
 
 JSBool
 SetObject::add(JSContext *cx, unsigned argc, Value *vp)
 {
     THIS_SET(add, cx, argc, vp, args, set);
     ARG0_KEY(cx, args, key);
-    if (!set.put(key))
+    if (!set.put(key)) {
+        js_ReportOutOfMemory(cx);
         return false;
+    }
     args.rval().setUndefined();
     return true;
 }
 
 JSBool
 SetObject::delete_(JSContext *cx, unsigned argc, Value *vp)
 {
     THIS_SET(delete_, cx, argc, vp, args, set);