Bug 1455702: Check allocation in ParseCallIndirect in wasm::TextToBinary; r=luke
authorBenjamin Bouvier <benj@benj.me>
Mon, 23 Apr 2018 16:37:33 +0200
changeset 471394 11205dbb6d671d88dbcca7ff91f98598a7b5cd24
parent 471393 d0fe2832896c1449e90294bbc2920df053a8fda5
child 471395 4acca3e3505256e14a5f9ca2d2035314051d7976
push id1728
push userjlund@mozilla.com
push dateMon, 18 Jun 2018 21:12:27 +0000
treeherdermozilla-release@c296fde26f5f [default view] [failures only]
reviewersluke
bugs1455702
milestone61.0a1
Bug 1455702: Check allocation in ParseCallIndirect in wasm::TextToBinary; r=luke
js/src/wasm/WasmTextToBinary.cpp
--- a/js/src/wasm/WasmTextToBinary.cpp
+++ b/js/src/wasm/WasmTextToBinary.cpp
@@ -1966,16 +1966,19 @@ ParseCallIndirect(WasmParseContext& c, b
         if (args.empty())
             index = new(c.lifo) AstPop();
         else
             index = args.popCopy();
     } else {
         index = new(c.lifo) AstPop();
     }
 
+    if (!index)
+        return nullptr;
+
     return new(c.lifo) AstCallIndirect(sig, ExprType::Void, Move(args), index);
 }
 
 static uint_fast8_t
 CountLeadingZeroes4(uint8_t x)
 {
     MOZ_ASSERT((x & -0x10) == 0);
     return CountLeadingZeroes32(x) - 28;
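Review bot: The new `if (!index)` guard has no comment explaining why a `new` expression can yield null here, so a later cleanup could mistake it for dead code and remove it. Going by the commit title, both `new(c.lifo) AstPop()` sites above it are fallible arena allocations, and the guard is what keeps a null `index` from being stored in the `AstCallIndirect` node. A one-line comment above the check would record that, for example `// new(c.lifo) is fallible: a failed AstPop allocation leaves index null.` The body of ParseCallIndirect starts outside this hunk, so whether its earlier allocations are checked the same way cannot be confirmed from here and is worth checking in the full function.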