Bug 1533521 - Avoid modifying the static empty header size field. r=mccr8
authorEric Rahm <erahm@mozilla.com>
Thu, 07 Mar 2019 23:09:58 +0000
changeset 520945 7f1c8a3ebd95
parent 520944 c8d9a73cf366
child 520946 b32055608807
push id10862
push userffxbld-merge
push dateMon, 11 Mar 2019 13:01:11 +0000
treeherdermozilla-beta@a2e7f5c935da [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmccr8
bugs1533521
milestone67.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1533521 - Avoid modifying the static empty header size field. r=mccr8 Add a check that this array isn't using the static empty header before updating the size field. Differential Revision: https://phabricator.services.mozilla.com/D22616
xpcom/reflect/xptinfo/xptinfo.h
--- a/xpcom/reflect/xptinfo/xptinfo.h
+++ b/xpcom/reflect/xptinfo/xptinfo.h
@@ -554,17 +554,21 @@ class UntypedTArray : public nsTArray_ba
   void* Elements() const { return static_cast<void*>(Hdr() + 1); }
 
   // Changes the length and capacity to be at least large enough for aTo
   // elements.
   bool SetLength(const nsXPTType& aEltTy, uint32_t aTo) {
     if (!EnsureCapacity<nsTArrayFallibleAllocator>(aTo, aEltTy.Stride())) {
       return false;
     }
-    mHdr->mLength = aTo;
+
+    if (mHdr != EmptyHdr()) {
+      mHdr->mLength = aTo;
+    }
+
     return true;
   }
 
   // Free backing memory for the nsTArray object.
   void Clear() {
     if (mHdr != EmptyHdr() && !UsesAutoArrayBuffer()) {
       nsTArrayFallibleAllocator::Free(mHdr);
     }