Bug 916580 - Fix bugs related to the usage of calloc. r=luke
authorDan Gohman <sunfish@google.com>
Wed, 25 Sep 2013 12:18:43 -0700
changeset 148700 f9ae7613751c32703c7081a40331600461d3b503
parent 148699 732581f15f34cff0afffb29ff3c440ba46f59311
child 148701 8879393c2552aae23373deb63d01e92e7b99172d
push id25352
push userkwierso@gmail.com
push dateThu, 26 Sep 2013 03:27:24 +0000
reviewersluke
bugs916580
milestone27.0a1
Bug 916580 - Fix bugs related to the usage of calloc. r=luke
js/jsd/jsd_lock.cpp
js/public/Utility.h
js/src/jit/BaselineBailouts.cpp
js/src/jit/IonCode.h
js/src/jsutil.cpp
--- a/js/jsd/jsd_lock.cpp
+++ b/js/jsd/jsd_lock.cpp
@@ -81,17 +81,17 @@ void ASSERT_VALID_LOCK(JSDStaticLock* lo
 #define ASSERT_VALID_LOCK(x) ((void)0)
 #endif
 
 JSDStaticLock*
 jsd_CreateLock()
 {
     JSDStaticLock* lock;
 
-    if( ! (lock = js_pod_calloc<JSDStaticLock>(1)) ||
+    if( ! (lock = js_pod_calloc<JSDStaticLock>()) ||
         ! (lock->lock = PR_NewLock()) )
     {
         if(lock)
         {
             free(lock);
             lock = nullptr;
         }
     }
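Review bot: The failure path releases `lock` with plain `free(lock)` although the object comes from `js_pod_calloc`, so allocation and release go through different wrappers. That is only safe while the JS allocation wrappers sit directly on the C heap; `js_free(lock);` keeps the pair matched if that ever changes. The body of jsd_CreateLock continues past the end of this hunk.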
--- a/js/public/Utility.h
+++ b/js/public/Utility.h
@@ -143,16 +143,22 @@ static JS_INLINE void* js_malloc(size_t 
 }
 
 static JS_INLINE void* js_calloc(size_t bytes)
 {
     JS_OOM_POSSIBLY_FAIL();
     return calloc(bytes, 1);
 }
 
+static JS_INLINE void* js_calloc(size_t nmemb, size_t size)
+{
+    JS_OOM_POSSIBLY_FAIL();
+    return calloc(nmemb, size);
+}
+
 static JS_INLINE void* js_realloc(void* p, size_t bytes)
 {
     JS_OOM_POSSIBLY_FAIL();
     return realloc(p, bytes);
 }
 
 static JS_INLINE void js_free(void* p)
 {
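Review bot: The new two-argument `js_calloc` carries no comment explaining why it exists next to the single-argument form. Because the overloads differ only in arity, a caller can still write `js_calloc(n * size)` and multiply without any overflow check. A header comment such as `// Prefer this overload for arrays: a conforming calloc fails when nmemb * size overflows, which the one-argument form cannot detect.` would state the intent at the declaration. The hunk ends inside js_free, whose body is outside the view.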
--- a/js/src/jit/BaselineBailouts.cpp
+++ b/js/src/jit/BaselineBailouts.cpp
@@ -120,16 +120,18 @@ struct BaselineStackBuilder
         header_->resumeAddr = NULL;
         header_->monitorStub = NULL;
         header_->numFrames = 0;
         return true;
     }
 
     bool enlarge() {
         JS_ASSERT(buffer_ != NULL);
+        if (bufferTotal_ & mozilla::tl::MulOverflowMask<2>::value)
+            return false;
         size_t newSize = bufferTotal_ * 2;
         uint8_t *newBuffer = reinterpret_cast<uint8_t *>(js_calloc(newSize));
         if (!newBuffer)
             return false;
         memcpy((newBuffer + newSize) - bufferUsed_, header_->copyStackBottom, bufferUsed_);
         memcpy(newBuffer, header_, sizeof(BaselineBailoutInfo));
         js_free(buffer_);
         buffer_ = newBuffer;
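Review bot: The added guard in `enlarge()` has no comment, and `bufferTotal_ & mozilla::tl::MulOverflowMask<2>::value` is not self-explanatory to a reader who does not know the template. A line such as `// Doubling must not wrap size_t: a wrapped newSize could be smaller than bufferUsed_, and the memcpy below would then write outside the new buffer.` records why the check has to stay ahead of the multiplication. The `false` returned here is the same value returned for allocation failure just below, so callers cannot tell the two apart; that looks intentional but is worth stating in the same comment. `enlarge()` continues past the end of the hunk.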
--- a/js/src/jit/IonCode.h
+++ b/js/src/jit/IonCode.h
@@ -567,17 +567,17 @@ struct IonBlockCounts
 
   public:
 
     bool init(uint32_t id, uint32_t offset, uint32_t numSuccessors) {
         id_ = id;
         offset_ = offset;
         numSuccessors_ = numSuccessors;
         if (numSuccessors) {
-            successors_ = (uint32_t *) js_calloc(numSuccessors * sizeof(uint32_t));
+            successors_ = js_pod_calloc<uint32_t>(numSuccessors);
             if (!successors_)
                 return false;
         }
         return true;
     }
 
     void destroy() {
         js_free(successors_);
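Review bot: `init` stores `numSuccessors_ = numSuccessors` before the allocation is attempted, so a failed `js_pod_calloc` leaves the object with a non-zero count and a null `successors_`. The same ordering appears in `IonScriptCounts::init` in the next hunk, where the cleanup loop visible at the top of that hunk walks `blocks_[i]` for `i < numBlocks_` and would dereference null if it runs after a failed `init`. Assigning the count only once the pointer is known to be non-null (`if (!successors_) return false; numSuccessors_ = numSuccessors;`) keeps the two fields consistent. Whether any caller reaches that cleanup after a failed `init` is not visible here. `destroy()` starts inside the hunk and ends outside it.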
@@ -665,17 +665,17 @@ struct IonScriptCounts
         for (size_t i = 0; i < numBlocks_; i++)
             blocks_[i].destroy();
         js_free(blocks_);
         js_delete(previous_);
     }
 
     bool init(size_t numBlocks) {
         numBlocks_ = numBlocks;
-        blocks_ = (IonBlockCounts *) js_calloc(numBlocks * sizeof(IonBlockCounts));
+        blocks_ = js_pod_calloc<IonBlockCounts>(numBlocks);
         return blocks_ != NULL;
     }
 
     size_t numBlocks() const {
         return numBlocks_;
     }
 
     IonBlockCounts &block(size_t i) {
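Review bot: `IonScriptCounts::init` calls `js_pod_calloc<IonBlockCounts>(numBlocks)` without a zero check, unlike `IonBlockCounts::init`, which skips the allocation when `numSuccessors` is 0. If a zero count reaches `calloc`, the result may legitimately be null, and `return blocks_ != NULL;` then reports failure for a script with no blocks. Either guard it the same way (`if (numBlocks == 0) { blocks_ = NULL; return true; }`) or document on `init` that `numBlocks` must be non-zero. `block(size_t)` begins on the last line of the hunk and its body is outside the view.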
--- a/js/src/jsutil.cpp
+++ b/js/src/jsutil.cpp
@@ -26,17 +26,17 @@ using namespace js;
 
 using mozilla::CeilingLog2Size;
 using mozilla::PodArrayZero;
 
 #if USE_ZLIB
 static void *
 zlib_alloc(void *cx, uInt items, uInt size)
 {
-    return js_malloc(items * size);
+    return js_calloc(items, size);
 }
 
 static void
 zlib_free(void *cx, void *addr)
 {
     js_free(addr);
 }
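Review bot: Nothing in `zlib_alloc` says that the switch from `js_malloc` to `js_calloc` was made for the overflow check, and the function now also zero-fills every zlib allocation. A comment such as `// Use calloc so that items * size (both uInt) cannot wrap before the allocation; zlib supplies both values.` would stop a later cleanup from reverting it to `js_malloc(items * size)` for speed. The unused `cx` parameter in both callbacks could be noted in the same comment as required by the zlib allocator signature.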