Mercurial > releases > mozilla-beta / changeset / da9491adea8584c9780cb57fad6022ba7b871e2e
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1444604: Part 1: Check for overrunning the LiveSavedFrameCache even in release builds. r=jorendorff
authorJim Blandy <jimb@mozilla.com>
Mon, 12 Mar 2018 18:08:57 -0700
changeset 462574 da9491adea8584c9780cb57fad6022ba7b871e2e
parent 462573 2adda34a5051e4fd5bedbac021c3a712125a43af
child 462575 27993b0b6e51ce8d6ad22ed4d0d1471e286b5872
push id9165
push userasasaki@mozilla.com
push dateThu, 26 Apr 2018 21:04:54 +0000
treeherdermozilla-beta@064c3804de2e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjorendorff
bugs1444604
milestone61.0a1
first release with
nightly linux32
3d21d31141dc / 61.0a1 / 20180321040527 / files
nightly linux64
3d21d31141dc / 61.0a1 / 20180321040527 / files
nightly mac
3d21d31141dc / 61.0a1 / 20180321040527 / files
nightly win32
3d21d31141dc / 61.0a1 / 20180321040527 / files
nightly win64
3d21d31141dc / 61.0a1 / 20180321040527 / files
last release without
nightly linux32
bfb7edfd0436 / 61.0a1 / 20180320100122 / files
nightly linux64
bfb7edfd0436 / 61.0a1 / 20180320100122 / files
nightly mac
bfb7edfd0436 / 61.0a1 / 20180320100122 / files
nightly win32
bfb7edfd0436 / 61.0a1 / 20180320100122 / files
nightly win64
bfb7edfd0436 / 61.0a1 / 20180320100122 / files
Bug 1444604: Part 1: Check for overrunning the LiveSavedFrameCache even in release builds. r=jorendorff The LiveSavedFrameCache's invariant that every frame with its hasCachedSavedFrame bit set has an entry in the cache should ensure that LiveSavedFrameCache::find never runs off the bottom of the cache. But we should check for an empty cache even in release builds, so that violations of this invariant don't cause unconstrained memory accesses. MozReview-Commit-ID: 1b9vx9nvVeY
js/src/vm/SavedStacks.cpp file | annotate | diff | comparison | revisions 
--- a/js/src/vm/SavedStacks.cpp
+++ b/js/src/vm/SavedStacks.cpp
@@ -135,17 +135,17 @@ LiveSavedFrameCache::find(JSContext* cx,
         // since we're going to push new cache entries for all frames younger
         // than frameIter, we must pop it anyway.
         frames->popBack();
 
         // If the frame's bit was set, the frame should always have an entry in
         // the cache. (If we purged the entire cache because its SavedFrames had
         // been captured for a different compartment, then we would have
         // returned early above.)
-        MOZ_ASSERT(!frames->empty());
+        MOZ_ALWAYS_TRUE(!frames->empty());
     }
 
     // The youngest valid frame may have run some code, so its current pc may
     // not match its cache entry's pc. In this case, just treat it as a miss. No
     // older frame has executed any code; it would have been necessary to pop
     // this frame for that to happen, but this frame's bit is set.
     if (pc != frames->back().pc) {
         frames->popBack();
mozilla-beta
Deployed from 1769ae2b5feb at 2022-05-11T14:55:53Z.