Bug 1263902 - check return value from JS_smprintf. r=bbouvier, r=shu
authorLars T Hansen <lhansen@mozilla.com>
Mon, 18 Apr 2016 15:28:40 +0200
changeset 331704 ff00656a1bda864d16795701f976612100bc9baf
parent 331703 ffb1d08f2bd00a9490f76c89c58325e32c199066
child 331705 fdac1cd6e6e0547158cb7329b2980dbba9f34889
push id6048
push userkmoir@mozilla.com
push dateMon, 06 Jun 2016 19:02:08 +0000
reviewersbbouvier, shu
bugs1263902
milestone48.0a1
Bug 1263902 - check return value from JS_smprintf. r=bbouvier, r=shu
js/src/asmjs/AsmJS.cpp
js/src/shell/js.cpp
js/src/vm/Debugger.cpp
--- a/js/src/asmjs/AsmJS.cpp
+++ b/js/src/asmjs/AsmJS.cpp
@@ -7414,28 +7414,32 @@ CheckBuffer(JSContext* cx, AsmJSModule& 
     uint32_t heapLength = buffer->byteLength();
 
     if (!IsValidAsmJSHeapLength(heapLength)) {
         UniqueChars msg(
             JS_smprintf("ArrayBuffer byteLength 0x%x is not a valid heap length. The next "
                         "valid length is 0x%x",
                         heapLength,
                         RoundUpToNextValidAsmJSHeapLength(heapLength)));
+        if (!msg)
+            return false;
         return LinkFail(cx, msg.get());
     }
 
     // This check is sufficient without considering the size of the loaded datum because heap
     // loads and stores start on an aligned boundary and the heap byteLength has larger alignment.
     MOZ_ASSERT((module.minHeapLength() - 1) <= INT32_MAX);
     if (heapLength < module.minHeapLength()) {
         UniqueChars msg(
             JS_smprintf("ArrayBuffer byteLength of 0x%x is less than 0x%x (the size implied "
                         "by const heap accesses).",
                         heapLength,
                         module.minHeapLength()));
+        if (!msg)
+            return false;
         return LinkFail(cx, msg.get());
     }
 
     // Shell builtins may have disabled signal handlers since the module we're
     // cloning was compiled. LookupAsmJSModuleInCache checks for signal handlers
     // as well for the caching case.
     if (module.compileArgs() != CompileArgs(cx))
         return LinkFail(cx, "Signals have been toggled since compilation");
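Review bot: The two added `if (!msg) return false;` exits in CheckBuffer report nothing on `cx`, so an allocation failure looks the same to the caller as whatever `LinkFail` returns for an invalid heap length. JS_smprintf is called without a context here, so presumably no out-of-memory error is pending when these exits are taken. If a bare `false` is meant to make the caller fall back silently, say so with a comment such as `// OOM while formatting the message: fail linking without a diagnostic.`; otherwise call `ReportOutOfMemory(cx);` before returning. The same question applies to the `return false;` added in LookupAsmJSModuleInCache and the `return Nothing();` added in Debugger.cpp. CheckBuffer starts and ends outside the hunk, so how its callers treat `false` is not visible here.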
@@ -8126,16 +8130,18 @@ LookupAsmJSModuleInCache(ExclusiveContex
     if (!parser.tokenStream.advance(module.srcEndBeforeCurly()))
         return false;
 
     *loadedFromCache = true;
 
     int64_t usecAfter = PRMJ_Now();
     int ms = (usecAfter - usecBefore) / PRMJ_USEC_PER_MSEC;
     *compilationTimeReport = UniqueChars(JS_smprintf("loaded from cache in %dms", ms));
+    if (!*compilationTimeReport)
+        return false;
     return true;
 }
 
 /*****************************************************************************/
 // Top-level js::CompileAsmJS
 
 static bool
 NoExceptionPending(ExclusiveContext* cx)
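Review bot: `*loadedFromCache = true;` is written a few lines before the new `if (!*compilationTimeReport) return false;`, so on allocation failure the function returns false with the out-parameter already saying the module was loaded. The token stream has also been advanced by then. If any caller reads `*loadedFromCache` after a false return, which the hunk does not show, it would see inconsistent state. I would move the assignment to just before `return true;`, or document on the function that the out-parameters are unspecified on failure. The start of LookupAsmJSModuleInCache is outside the hunk.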
--- a/js/src/shell/js.cpp
+++ b/js/src/shell/js.cpp
@@ -6992,16 +6992,18 @@ SetRuntimeOptions(JSRuntime* rt, const O
     rt->profilingScripts = enableCodeCoverage || enableDisassemblyDumps;
 
     jsCacheDir = op.getStringOption("js-cache");
     if (jsCacheDir) {
         if (!op.getBoolOption("no-js-cache-per-process"))
             jsCacheDir = JS_smprintf("%s/%u", jsCacheDir, (unsigned)getpid());
         else
             jsCacheDir = JS_strdup(rt, jsCacheDir);
+        if (!jsCacheDir)
+            return false;
         jsCacheAsmJSPath = JS_smprintf("%s/asmjs.cache", jsCacheDir);
     }
 
 #ifdef DEBUG
     dumpEntrainedVariables = op.getBoolOption("dump-entrained-variables");
 #endif
 
 #ifdef JS_GC_ZEAL
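Review bot: The added `if (!jsCacheDir) return false;` covers only the first allocation; the `JS_smprintf("%s/asmjs.cache", jsCacheDir)` on the next line is still assigned to `jsCacheAsmJSPath` unchecked. That is the same failure mode this commit sets out to fix. Add `if (!jsCacheAsmJSPath) return false;` directly after that assignment so a null path cannot reach the code that later opens the cache file. SetRuntimeOptions starts and ends outside the hunk, so the later uses of `jsCacheAsmJSPath` are not visible here.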
--- a/js/src/vm/Debugger.cpp
+++ b/js/src/vm/Debugger.cpp
@@ -6459,16 +6459,18 @@ class DebuggerSourceGetURLMatcher
         }
         return Nothing();
     }
     ReturnType match(Handle<WasmModuleObject*> wasmModule) {
         // TODOshu: Until wasm modules have real URLs, append "> wasm" to the
         // end to prevent them from being blacklisted by devtools by having
         // the same value as a source mapped URL.
         char* buf = JS_smprintf("%s > wasm", wasmModule->module().filename());
+        if (!buf)
+            return Nothing();
         JSString* str = NewStringCopyZ<CanGC>(cx_, buf);
         JS_smprintf_free(buf);
         return Some(str);
     }
 };
 
 static bool
 DebuggerSource_getURL(JSContext* cx, unsigned argc, Value* vp)
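Review bot: The result of `NewStringCopyZ<CanGC>(cx_, buf)` is still wrapped in `Some(str)` unchecked, so a failed string allocation is returned as `Some(nullptr)` rather than as a failure. The new `if (!buf)` guard therefore closes only half of the out-of-memory path in this `match` overload. I would add `if (!str) return Nothing();` after `JS_smprintf_free(buf);`, assuming callers treat `Nothing()` as the failure value, which the hunk does not show. `Nothing()` is also what the preceding overload returns at the top of the hunk, so unless something reports on `cx_` the caller cannot tell "no URL" from an allocation failure.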