Bug 998995 - Reserve stack space for 16 arguments when parsing a CSS function; r=dbaron
authorEhsan Akhgari <ehsan@mozilla.com>
Mon, 21 Apr 2014 20:44:33 -0400
changeset 197980 b9b4ff616b32af49791c397ed2585c18fba294be
parent 197979 c1c947d321b932e7b46c87dbd7d11a91f93481f7
child 197981 e7160b5750b537ef7147d854e583d60c1992dc07
push id3624
push userasasaki@mozilla.com
push dateMon, 09 Jun 2014 21:49:01 +0000
treeherdermozilla-beta@b1a5da15899a [default view] [failures only]
reviewersdbaron
bugs998995
milestone31.0a1
Bug 998995 - Reserve stack space for 16 arguments when parsing a CSS function; r=dbaron
layout/style/nsCSSParser.cpp
--- a/layout/style/nsCSSParser.cpp
+++ b/layout/style/nsCSSParser.cpp
@@ -12549,18 +12549,23 @@ CSSParserImpl::ParseFunction(nsCSSKeywor
 
   /* 2^16 - 2, so that if we have 2^16 - 2 transforms, we have 2^16 - 1
    * elements stored in the the nsCSSValue::Array.
    */
   static const arrlen_t MAX_ALLOWED_ELEMS = 0xFFFE;
 
   /* Read in a list of values as an array, failing if we can't or if
    * it's out of bounds.
+   *
+   * We reserve 16 entries in the foundValues array in order to avoid
+   * having to resize the array dynamically when parsing some well-formed
+   * functions.  The number 16 is coming from the number of arguments that
+   * matrix3d() accepts.
    */
-  InfallibleTArray<nsCSSValue> foundValues;
+  AutoInfallibleTArray<nsCSSValue, 16> foundValues;
   if (!ParseFunctionInternals(aAllowedTypes, aAllowedTypesAll, aMinElems,
                               aMaxElems, foundValues)) {
     return false;
   }
 
   /*
    * In case the user has given us more than 2^16 - 2 arguments,
    * we'll truncate them at 2^16 - 2 arguments.
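Review bot: The inline capacity in `AutoInfallibleTArray<nsCSSValue, 16> foundValues;` is tied to matrix3d()'s arity only by the comment above it, so the value and its rationale can drift apart silently; a named constant beside `MAX_ALLOWED_ELEMS`, for example `static const size_t kInlineFunctionArgs = 16; // matrix3d() arity`, would keep them together. The inline buffer also adds 16 `nsCSSValue` slots to every ParseFunction stack frame, and because this parser consumes untrusted stylesheet input it is worth confirming that the function cannot be re-entered through nested values, since each nesting level would then cost more stack than before. Argument lists longer than 16 presumably still spill to the heap, so the 0xFFFE truncation described after the declaration remains the effective upper bound. ParseFunction starts before and continues past this hunk, so the re-entrancy question cannot be settled from the visible lines.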