Bug 1263292 - Handle calling realloc(0) (r=jld)
authorBill McCloskey <billm@mozilla.com>
Wed, 13 Apr 2016 18:43:36 -0700
changeset 351816 d1c487cc4ef287f33f6e92779dcf8c2247197226
parent 351815 526423ac534375444a91f738338dea94d5793003
child 351817 c45b0f59dc459d80d6d493cfe549a48ca5dc8df3
child 351868 4f1cef92aec487f83ee1abbb119c6fac950aa989
child 351992 45a1b1e693d8f683759ff2f8952b9766cd5bb89b
push id15527
push userbmo:rail@mozilla.com
push dateFri, 15 Apr 2016 01:44:41 +0000
reviewersjld
bugs1263292
milestone48.0a1
Bug 1263292 - Handle calling realloc(0) (r=jld)
ipc/chromium/src/base/buffer.cc
--- a/ipc/chromium/src/base/buffer.cc
+++ b/ipc/chromium/src/base/buffer.cc
@@ -46,17 +46,17 @@ Buffer::clear()
   mSize = 0;
   mReserved = 0;
 }
 
 void
 Buffer::try_realloc(size_t newlength)
 {
   char* buffer = (char*)realloc(mBuffer, newlength);
-  if (buffer) {
+  if (buffer || !newlength) {
     mBuffer = buffer;
     mReserved = newlength;
     return;
   }
 
   // If we're growing the buffer, crash. If we're shrinking, then we continue to
   // use the old (larger) buffer.
   MOZ_RELEASE_ASSERT(newlength <= mReserved);
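Review bot: The widened test `if (buffer || !newlength)` still passes size 0 to realloc and then trusts that a NULL result means the old block was released, but the C standard leaves that implementation-defined (C11 7.22.3.5: when size is zero and no new object is allocated, whether the old object is deallocated is up to the implementation), so on an allocator that returns NULL and keeps `mBuffer` alive the assignment `mBuffer = buffer` drops the only pointer to it and leaks; on one that returns a non-NULL minimal block the new code keeps that block with `mReserved = 0`, which is harmless but wasteful. The unambiguous fix is to never call realloc with 0 at all: free and reset explicitly before the call, leaving the existing success path and the shrink-failure fallback (`MOZ_RELEASE_ASSERT(newlength <= mReserved)`) as they are. Which allocator semantics apply here depends on the build's malloc replacement, which this hunk does not show, so the explicit branch is the portable choice. try_realloc's body continues past the end of the hunk.

```cpp
Buffer::try_realloc(size_t newlength)
{
  // Never hand size 0 to realloc: whether it frees the old block is
  // implementation-defined, so do the release ourselves.
  if (!newlength) {
    free(mBuffer);
    mBuffer = nullptr;
    mReserved = 0;
    return;
  }

  char* buffer = (char*)realloc(mBuffer, newlength);
  if (buffer) {
    mBuffer = buffer;
    mReserved = newlength;
    return;
  }

  // … unchanged: shrink-failure fallback and release assert …
```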
@@ -102,16 +102,18 @@ Buffer::reserve(size_t size)
   if (mReserved < size) {
     try_realloc(size);
   }
 }
 
 char*
 Buffer::trade_bytes(size_t count)
 {
+  MOZ_RELEASE_ASSERT(count);
+
   char* result = mBuffer;
   mSize = mReserved = mSize - count;
   mBuffer = mReserved ? (char*)malloc(mReserved) : nullptr;
   MOZ_RELEASE_ASSERT(!mReserved || mBuffer);
   if (mSize) {
     memcpy(mBuffer, result + count, mSize);
   }