Bug 472292 Crash [@ jsdScript::CreatePPLineMap() ] with Firebug when invoking a non-function from an event handler.
authortimeless@mozdev.org
Tue, 06 Jan 2009 21:34:56 +0100
changeset 23375 309711a732acd1ccfad3fe3d5da57a67767948de
parent 23374 4af786d20e41081558a87db23f3d7690c5512933
child 23376 cb62d3dff36ba4e4251f929176c17767e163c537
push id1
push userroot
push dateTue, 26 Apr 2011 22:38:44 +0000
bugs472292
milestone1.9.2a1pre
Bug 472292 Crash [@ jsdScript::CreatePPLineMap() ] with Firebug when invoking a non-function from an event handler. r=caillon
js/jsd/jsd_xpc.cpp
--- a/js/jsd/jsd_xpc.cpp
+++ b/js/jsd/jsd_xpc.cpp
@@ -1067,39 +1067,43 @@ jsdScript::CreatePPLineMap()
 
     PRUint32 scriptExtent = JS_GetScriptLineExtent (cx, script);
     jsbytecode* firstPC = JS_LineNumberToPC (cx, script, 0);
     /* allocate worst case size of map (number of lines in script + 1
      * for our 0 record), we'll shrink it with a realloc later. */
     PCMapEntry *lineMap =
         static_cast<PCMapEntry *>
                    (PR_Malloc((scriptExtent + 1) * sizeof (PCMapEntry)));
+    PRUint32 lineMapSize = 0;
+
     if (lineMap) {
-        mPCMapSize = 0;
         for (PRUint32 line = baseLine; line < scriptExtent + baseLine; ++line) {
             jsbytecode* pc = JS_LineNumberToPC (cx, script, line);
             if (line == JS_PCToLineNumber (cx, script, pc)) {
-                mPPLineMap[mPCMapSize].line = line;
-                mPPLineMap[mPCMapSize].pc = pc - firstPC;
-                ++mPCMapSize;
+                lineMap[lineMapSize].line = line;
+                lineMap[lineMapSize].pc = pc - firstPC;
+                ++lineMapSize;
             }
         }
-        if (scriptExtent != mPCMapSize) {
+        if (scriptExtent != lineMapSize) {
             lineMap =
                 static_cast<PCMapEntry *>
                            (PR_Realloc(mPPLineMap = lineMap,
-                                       mPCMapSize * sizeof(PCMapEntry)));
-            if (!lineMap)
+                                       lineMapSize * sizeof(PCMapEntry)));
+            if (!lineMap) {
                 PR_Free(mPPLineMap);
+                lineMapSize = 0;
+            }
         }
     }
 
     if (scriptOwner)
         JS_DestroyScript (cx, script);
 
+    mPCMapSize = lineMapSize;
     return mPPLineMap = lineMap;
 }
 
 PRUint32
 jsdScript::PPPcToLine (PRUint32 aPC)
 {
     if (!mPPLineMap && !CreatePPLineMap())
         return 0;
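Review bot: The shrink path can still double-free when no line produced an entry: with `lineMapSize == 0` the new code calls `PR_Realloc(mPPLineMap = lineMap, 0)`, and on allocators where realloc(p, 0) releases p and returns NULL the subsequent `PR_Free(mPPLineMap)` frees the same block a second time. Handling the empty map explicitly (free and null out, no realloc) closes that hole, and taking the `mPPLineMap = lineMap` assignment out of the argument list makes the ownership of the pointer readable, since the final `return mPPLineMap = lineMap;` already publishes it. The enclosing `if (lineMap)` and the start of CreatePPLineMap lie outside the hunk. The comment "+1 for our 0 record" above the PR_Malloc no longer matches the loop, which never writes a line-0 entry; it should say the extra slot is slack, or be dropped.
```cpp
        // … unchanged: per-line collection loop filling lineMap/lineMapSize …
        if (lineMapSize == 0) {
            /* realloc(p, 0) may free p and return NULL on some allocators;
             * do the release ourselves so the failure path below cannot free it twice. */
            PR_Free(lineMap);
            lineMap = NULL;
        } else if (scriptExtent != lineMapSize) {
            PCMapEntry *shrunk =
                static_cast<PCMapEntry *>
                           (PR_Realloc(lineMap, lineMapSize * sizeof(PCMapEntry)));
            if (!shrunk) {
                PR_Free(lineMap);
                lineMapSize = 0;
            }
            lineMap = shrunk;
        }
```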