Bug 898675 - Binary Data: Free StructType fieldList on error. r=nmatsakis
authorNikhil Marathe <nsm.nikhil@gmail.com>
Mon, 29 Jul 2013 10:24:42 -0700
changeset 152703 0da6dd57126350e4bab8bc047897ed0b9a1f20af
parent 152702 bf208ba34b9c8ac2544ee0c055e3ce23f9cc2fcc
child 152704 7e79de7e28408cbbf40a31abbda3fb17f2286a32
push id2859
push userakeybl@mozilla.com
push dateMon, 16 Sep 2013 19:14:59 +0000
treeherdermozilla-beta@87d3c51cd2bf [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersnmatsakis
bugs898675
milestone25.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 898675 - Binary Data: Free StructType fieldList on error. r=nmatsakis
js/src/builtin/BinaryData.cpp
--- a/js/src/builtin/BinaryData.cpp
+++ b/js/src/builtin/BinaryData.cpp
@@ -1513,62 +1513,67 @@ StructType::layout(JSContext *cx, Handle
     if (!GetPropertyNames(cx, fields, JSITER_OWNONLY, &fieldProps))
         return false;
 
     FieldList *fieldList = new FieldList(fieldProps.length());
 
     uint32_t structAlign = 0;
     uint32_t structMemSize = 0;
     uint32_t structByteSize = 0;
+    size_t structTail = 0;
 
     for (unsigned int i = 0; i < fieldProps.length(); i++) {
         RootedValue fieldTypeVal(cx);
         RootedId id(cx, fieldProps[i]);
         if (!JSObject::getGeneric(cx, fields, fields, id, &fieldTypeVal))
-            return false;
+            goto error;
 
         RootedObject fieldType(cx, fieldTypeVal.toObjectOrNull());
         if (!IsBinaryType(fieldType))
-            return false;
+            goto error;
 
         size_t fieldMemSize = GetMemSize(cx, fieldType);
         size_t fieldAlign = GetAlign(cx, fieldType);
         size_t fieldOffset = AlignBytes(structMemSize, fieldAlign);
 
         structMemSize = fieldOffset + fieldMemSize;
 
         if (fieldAlign > structAlign)
             structAlign = fieldAlign;
 
         RootedValue fieldTypeBytes(cx);
         if (!JSObject::getProperty(cx, fieldType, fieldType, cx->names().bytes, &fieldTypeBytes))
-            return false;
+            goto error;
 
         JS_ASSERT(fieldTypeBytes.isInt32());
         structByteSize += fieldTypeBytes.toInt32();
 
         (*fieldList)[i].name = fieldProps[i];
         (*fieldList)[i].type = fieldType.get();
         (*fieldList)[i].offset = fieldOffset;
     }
 
-    size_t structTail = AlignBytes(structMemSize, structAlign);
+    structTail = AlignBytes(structMemSize, structAlign);
     JS_ASSERT(structTail >= structMemSize);
     structMemSize = structTail;
 
     structType->setFixedSlot(SLOT_MEMSIZE, Int32Value(structMemSize));
     structType->setFixedSlot(SLOT_ALIGN, Int32Value(structAlign));
     structType->setPrivate(fieldList);
 
     if (!JS_DefineProperty(cx, structType, "bytes",
                            Int32Value(structByteSize), NULL, NULL,
                            JSPROP_READONLY | JSPROP_PERMANENT))
-        return false;
+        goto error;
 
     return true;
+
+error:
+    delete fieldList;
+    return false;
 }
 
 bool
 StructType::convertAndCopyTo(JSContext *cx, HandleObject exemplar,
                              HandleValue from, uint8_t *mem)
 {
 
     if (!from.isObject()) {