Bug 1285218 - Check for OOM while creating MOsrValue. r=h4writer
authorNicolas B. Pierron <nicolas.b.pierron@mozilla.com>
Wed, 13 Jul 2016 12:21:40 +0000
changeset 387168 0ad1ec384324f0c7c2df6e3b76347f481d6e213e
parent 387167 b31c2afa920a8f74ddddf0dc8d3eed7fef4ce795
child 387169 9c820e56f5ef3de7293abd0731e06350738e3e07
child 387173 4195392455127872bdede0d4c6cc2fa054010665
child 387175 b00ee999a59199c84960398dce43cc68c44be6cc
child 387288 e3f86f18efa80d4305aff62b90b842def881952d
child 387319 fdb579b14aa01e2e75cb33700050ff0d0132a4ca
child 387320 69b4175ddb67d23b0fc5a8e7081a941782b88128
child 394466 26d8bea6c51bbaec366c88df04a71edb7b3e3a95
push id22898
push userCallek@gmail.com
push dateWed, 13 Jul 2016 13:20:13 +0000
reviewersh4writer
bugs1285218
milestone50.0a1
Bug 1285218 - Check for OOM while creating MOsrValue. r=h4writer
js/src/jit-test/tests/ion/bug1285218.js
js/src/jit/IonBuilder.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/ion/bug1285218.js
@@ -0,0 +1,27 @@
+function test() {
+  var a1; var a2; var a3; var a4; var a5; var a6; var a7; var a8; var a9;
+  var a10; var a11; var a12; var a13; var a14; var a15; var a16; var a17;
+  var a18; var a19; var a20; var a21; var a22; var a23; var a24; var a25;
+  var a26; var a27; var a28; var a29; var a30; var a31; var a32; var a33;
+  var a34; var a35; var a36; var a37; var a38; var a39; var a40; var a41;
+  var a42; var a43; var a44; var a45; var a46; var a47; var a48;
+  for ( dbg = 30; dbg >=0; dbg-- ) {}
+  var a50; var a51; var a52; var a53; var a54; var a55; var a56; var a57;
+  var a58; var a59; var a60; var a61; var a62; var a63; var a64; var a65;
+  var a66; var a67; var a68; var a69;
+  var assertEq = '';
+  var a71; var a72;
+  let onDebuggerStatement;
+  var a74; var a75; var a76; var a77; var a78; var a79; var a80; var a81;
+  var a82; var a83; var a84; var a85; var a86; var a87; var a88; var a89;
+  var a90; var a91; var a92; var a93; var a94; var a95; var a96; var a97;
+  var a98; var a99; var a100; var a101; var a102; var a103; var a104; var a105;
+  var a106; var a107; var a108; var a109; var a110; var a111; var a112;
+  if(a111 !== a2)
+    var a114;
+  var a115; var a116; var a117; var a120; var a121; var a122; var a123;
+  var a124; var a125;
+  for (var a126 = 1; a126 < ([1,2,3]).length -1; ++a126) 1;
+}
+
+test();
--- a/js/src/jit/IonBuilder.cpp
+++ b/js/src/jit/IonBuilder.cpp
@@ -7853,28 +7853,32 @@ IonBuilder::newOsrPreheader(MBasicBlock*
         }
     }
 
     // Initialize locals.
     for (uint32_t i = 0; i < info().nlocals(); i++) {
         uint32_t slot = info().localSlot(i);
         ptrdiff_t offset = BaselineFrame::reverseOffsetOfLocal(i);
 
-        MOsrValue* osrv = MOsrValue::New(alloc(), entry, offset);
+        MOsrValue* osrv = MOsrValue::New(alloc().fallible(), entry, offset);
+        if (!osrv)
+            return nullptr;
         osrBlock->add(osrv);
         osrBlock->initSlot(slot, osrv);
     }
 
     // Initialize stack.
     uint32_t numStackSlots = preheader->stackDepth() - info().firstStackSlot();
     for (uint32_t i = 0; i < numStackSlots; i++) {
         uint32_t slot = info().stackSlot(i);
         ptrdiff_t offset = BaselineFrame::reverseOffsetOfLocal(info().nlocals() + i);
 
-        MOsrValue* osrv = MOsrValue::New(alloc(), entry, offset);
+        MOsrValue* osrv = MOsrValue::New(alloc().fallible(), entry, offset);
+        if (!osrv)
+            return nullptr;
         osrBlock->add(osrv);
         osrBlock->initSlot(slot, osrv);
     }
 
     // Create an MStart to hold the first valid MResumePoint.
     MStart* start = MStart::New(alloc());
     osrBlock->add(start);