Backed out changeset 51f84c093747 (bug 805121) for test failures.
authorRyan VanderMeulen <ryanvm@gmail.com>
Mon, 10 Dec 2012 11:07:18 -0500
changeset 115532 cd99d7db5a7bf74bbca1996d1a8453663ee039a0
parent 115531 5a9706887c6e5a67b8e7193f1502b671f21a211a
child 115533 86e10b84313b6eb4080f1ffc129787d4f5591952
push id1
push userroot
push dateMon, 20 Oct 2014 17:29:22 +0000
bugs805121
milestone20.0a1
backs out51f84c0937472d534eb82a64ceb4bcd62b52864b
Backed out changeset 51f84c093747 (bug 805121) for test failures.
js/src/jsstr.cpp
--- a/js/src/jsstr.cpp
+++ b/js/src/jsstr.cpp
@@ -12,17 +12,16 @@
  * native methods store strings (possibly newborn) converted from their 'this'
  * parameter and arguments on the stack: 'this' conversions at argv[-1], arg
  * conversions at their index (argv[0], argv[1]).  This is a legitimate method
  * of rooting things that might lose their newborn root due to subsequent GC
  * allocations in the same native method.
  */
 
 #include "mozilla/Attributes.h"
-#include "mozilla/CheckedInt.h"
 #include "mozilla/FloatingPoint.h"
 
 #include <stdlib.h>
 #include <string.h>
 #include "jstypes.h"
 #include "jsutil.h"
 #include "jsprf.h"
 #include "jsapi.h"
@@ -59,18 +58,16 @@
 #include "vm/StringObject-inl.h"
 #include "vm/String-inl.h"
 
 using namespace js;
 using namespace js::gc;
 using namespace js::types;
 using namespace js::unicode;
 
-using mozilla::CheckedInt;
-
 static JSLinearString *
 ArgToRootedString(JSContext *cx, CallArgs &args, unsigned argno)
 {
     if (argno >= args.length())
         return cx->names().undefined;
 
     Value &arg = args[argno];
     JSString *str = ToString(cx, arg);
@@ -2023,35 +2020,29 @@ FindReplaceLength(JSContext *cx, RegExpS
         rdata.repstr = repstr->ensureLinear(cx);
         if (!rdata.repstr)
             return false;
         *sizep = rdata.repstr->length();
         return true;
     }
 
     JSString *repstr = rdata.repstr;
-    CheckedInt<uint32_t> replen = repstr->length();
+    size_t replen = repstr->length();
     for (const jschar *dp = rdata.dollar, *ep = rdata.dollarEnd; dp;
          dp = js_strchr_limit(dp, '$', ep)) {
         JSSubString sub;
         size_t skip;
         if (InterpretDollar(res, dp, ep, rdata, &sub, &skip)) {
             replen += sub.length - skip;
             dp += skip;
         } else {
             dp++;
         }
     }
-
-    if (!replen.isValid()) {
-        js_ReportAllocationOverflow(cx);
-        return false;
-    }
-
-    *sizep = replen.value();
+    *sizep = replen;
     return true;
 }
 
 /*
  * Precondition: |rdata.sb| already has necessary growth space reserved (as
  * derived from FindReplaceLength).
  */
 static void
@@ -2092,24 +2083,18 @@ ReplaceRegExpCallback(JSContext *cx, Reg
     size_t leftoff = rdata.leftIndex;
     size_t leftlen = res->matchStart() - leftoff;
     rdata.leftIndex = res->matchLimit();
 
     size_t replen = 0;  /* silence 'unused' warning */
     if (!FindReplaceLength(cx, res, rdata, &replen))
         return false;
 
-    CheckedInt<uint32_t> newlen(rdata.sb.length());
-    newlen += leftlen;
-    newlen += replen;
-    if (!newlen.isValid()) {
-        js_ReportAllocationOverflow(cx);
-        return false;
-    }
-    if (!rdata.sb.reserve(newlen.value()))
+    size_t growth = leftlen + replen;
+    if (!rdata.sb.reserve(rdata.sb.length() + growth))
         return false;
 
     JSLinearString &str = rdata.str->asLinear();  /* flattened for regexp */
     const jschar *left = str.chars() + leftoff;
 
     rdata.sb.infallibleAppend(left, leftlen); /* skipped-over portion of the search value */
     DoReplace(res, rdata);
     return true;