Bug 1267557 part 1 - Also poison bytes allocated before the actual jitcode. r=nbp a=ritu
authorJan de Mooij <jdemooij@mozilla.com>
Thu, 28 Apr 2016 13:38:10 +0200
changeset 334699 29d746b57ed2690d98d5ac9e85fc745e78350266
parent 334698 e122f4f0fa72a2d4807daee2f210559833e21fa0
child 334700 2fa3f71011ccb7f8171af8295cc7ffbaa556333c
push id1146
push userCallek@gmail.com
push dateMon, 25 Jul 2016 16:35:44 +0000
reviewersnbp, ritu
bugs1267557
milestone48.0a2
Bug 1267557 part 1 - Also poison bytes allocated before the actual jitcode. r=nbp a=ritu
js/src/jit/Ion.cpp
--- a/js/src/jit/Ion.cpp
+++ b/js/src/jit/Ion.cpp
@@ -810,18 +810,21 @@ JitCode::finalize(FreeOp* fop)
     }
 #endif
 
     MOZ_ASSERT(pool_);
 
     // With W^X JIT code, reprotecting memory for each JitCode instance is
     // slow, so we record the ranges and poison them later all at once. It's
     // safe to ignore OOM here, it just means we won't poison the code.
-    if (fop->appendJitPoisonRange(JitPoisonRange(pool_, code_, bufferSize_)))
+    if (fop->appendJitPoisonRange(JitPoisonRange(pool_, code_ - headerSize_,
+                                                 headerSize_ + bufferSize_)))
+    {
         pool_->addRef();
+    }
     code_ = nullptr;
 
     // Code buffers are stored inside ExecutablePools. Pools are refcounted.
     // Releasing the pool may free it. Horrible hack: if we are using perf
     // integration, we don't want to reuse code addresses, so we just leak the
     // memory instead.
     if (!PerfEnabled())
         pool_->release(headerSize_ + bufferSize_, CodeKind(kind_));
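Review bot: The comment above the appendJitPoisonRange call still describes the recorded range as "the code", but the new range starts at `code_ - headerSize_` and spans `headerSize_ + bufferSize_`, so the header bytes are now poisoned as well and the comment should say why, e.g. `// Poison the header in front of code_ too, so the whole allocation (headerSize_ + bufferSize_, the same extent release() hands back below) is covered rather than just the code bytes.` The subtraction assumes code_ always sits exactly headerSize_ bytes into the allocation; the release() call at the bottom of the hunk appears to rely on the same layout, so that invariant is worth stating next to the poison range since a mismatch here would poison bytes outside the pool's allocation. The OOM case keeps the existing silent degradation (no poison at all), which the comment already documents. JitCode::finalize begins before this hunk.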