Bug 1533521 - Avoid modifying the static empty header size field. r=mccr8
authorEric Rahm <erahm@mozilla.com>
Thu, 07 Mar 2019 23:09:58 +0000
changeset 520945 7f1c8a3ebd950a8f68003982060031eef3c1b555
parent 520944 c8d9a73cf366b9cd50c40e63a80300b76256b2f2
child 520946 b32055608807968d77af0b75a85e3c7dc49a692f
push id10862
push userffxbld-merge
push dateMon, 11 Mar 2019 13:01:11 +0000
treeherdermozilla-beta@a2e7f5c935da [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmccr8
bugs1533521
milestone67.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1533521 - Avoid modifying the static empty header size field. r=mccr8 Add a check that this array isn't using the static empty header before updating the size field. Differential Revision: https://phabricator.services.mozilla.com/D22616
xpcom/reflect/xptinfo/xptinfo.h
--- a/xpcom/reflect/xptinfo/xptinfo.h
+++ b/xpcom/reflect/xptinfo/xptinfo.h
@@ -554,17 +554,21 @@ class UntypedTArray : public nsTArray_ba
   void* Elements() const { return static_cast<void*>(Hdr() + 1); }
 
   // Changes the length and capacity to be at least large enough for aTo
   // elements.
   bool SetLength(const nsXPTType& aEltTy, uint32_t aTo) {
     if (!EnsureCapacity<nsTArrayFallibleAllocator>(aTo, aEltTy.Stride())) {
       return false;
     }
-    mHdr->mLength = aTo;
+
+    if (mHdr != EmptyHdr()) {
+      mHdr->mLength = aTo;
+    }
+
     return true;
   }
 
   // Free backing memory for the nsTArray object.
   void Clear() {
     if (mHdr != EmptyHdr() && !UsesAutoArrayBuffer()) {
       nsTArrayFallibleAllocator::Free(mHdr);
     }