Bug 916580 - Fix bugs related to the usage of calloc. r=luke, a=akeybl
authorDan Gohman <sunfish@google.com>
Fri, 11 Oct 2013 11:21:26 -0400
changeset 161555 6cfb2b0f594b6dbaeaea0e46cd258d673cd53fa4
parent 161554 43cc27cc3ea839feadf4044b782017337bfd92a0
child 161556 1e701acdecca5266be9a086a20b8e19931dbf2e3
push id407
push userlsblakk@mozilla.com
push dateTue, 03 Dec 2013 03:32:50 +0000
reviewersluke, akeybl
bugs916580
milestone26.0a2
Bug 916580 - Fix bugs related to the usage of calloc. r=luke, a=akeybl
js/jsd/jsd_lock.cpp
js/public/Utility.h
js/src/jit/BaselineBailouts.cpp
js/src/jit/IonCode.h
js/src/jsutil.cpp
--- a/js/jsd/jsd_lock.cpp
+++ b/js/jsd/jsd_lock.cpp
@@ -80,17 +80,17 @@ void ASSERT_VALID_LOCK(JSDStaticLock* lo
 #define ASSERT_VALID_LOCK(x) ((void)0)
 #endif
 
 JSDStaticLock*
 jsd_CreateLock()
 {
     JSDStaticLock* lock;
 
-    if( ! (lock = js_pod_calloc<JSDStaticLock>(1)) ||
+    if( ! (lock = js_pod_calloc<JSDStaticLock>()) ||
         ! (lock->lock = PR_NewLock()) )
     {
         if(lock)
         {
             free(lock);
             lock = NULL;
         }
     }
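Review bot: The failure path just below the changed call releases the block with `free(lock)` although it was obtained from `js_pod_calloc`, so allocation and release go through different wrappers. If `js_pod_calloc` is backed by the `js_calloc`/`js_free` pair from js/public/Utility.h (its definition is not visible here), the release should read `js_free(lock);` so that any allocator hooks stay symmetric. jsd_CreateLock continues past the end of this hunk.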
--- a/js/public/Utility.h
+++ b/js/public/Utility.h
@@ -142,16 +142,22 @@ static JS_INLINE void* js_malloc(size_t 
 }
 
 static JS_INLINE void* js_calloc(size_t bytes)
 {
     JS_OOM_POSSIBLY_FAIL();
     return calloc(bytes, 1);
 }
 
+static JS_INLINE void* js_calloc(size_t nmemb, size_t size)
+{
+    JS_OOM_POSSIBLY_FAIL();
+    return calloc(nmemb, size);
+}
+
 static JS_INLINE void* js_realloc(void* p, size_t bytes)
 {
     JS_OOM_POSSIBLY_FAIL();
     return realloc(p, bytes);
 }
 
 static JS_INLINE void js_free(void* p)
 {
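Review bot: The new two-argument `js_calloc` carries no comment explaining why it sits next to `js_calloc(size_t bytes)`, and the one-argument form still accepts a caller-computed `n * sizeof(T)` that can wrap before the allocator ever sees it. I would add above the overload: `/* Array form: forwards nmemb and size separately so calloc() can reject an overflowing product; use this instead of js_calloc(n * size). */`. The guarantee depends on the platform `calloc` performing that check, which the comment could state as an assumption. The `js_free` definition at the end of the hunk is cut off.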
--- a/js/src/jit/BaselineBailouts.cpp
+++ b/js/src/jit/BaselineBailouts.cpp
@@ -120,16 +120,18 @@ struct BaselineStackBuilder
         header_->resumeAddr = NULL;
         header_->monitorStub = NULL;
         header_->numFrames = 0;
         return true;
     }
 
     bool enlarge() {
         JS_ASSERT(buffer_ != NULL);
+        if (bufferTotal_ & mozilla::tl::MulOverflowMask<2>::value)
+            return false;
         size_t newSize = bufferTotal_ * 2;
         uint8_t *newBuffer = reinterpret_cast<uint8_t *>(js_calloc(newSize));
         if (!newBuffer)
             return false;
         memcpy((newBuffer + newSize) - bufferUsed_, header_->copyStackBottom, bufferUsed_);
         memcpy(newBuffer, header_, sizeof(BaselineBailoutInfo));
         js_free(buffer_);
         buffer_ = newBuffer;
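Review bot: The overflow guard added at the top of `enlarge()` is not documented, and its purpose only becomes clear from the two `memcpy` calls further down, which place data relative to `newSize`. A wrapped `bufferTotal_ * 2` would produce an allocation smaller than `bufferUsed_` and the copies would run outside it. A one-line comment would record that: `// Doubling must not wrap: the memcpy offsets below are derived from newSize.` The body of `enlarge()` continues outside the hunk.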
--- a/js/src/jit/IonCode.h
+++ b/js/src/jit/IonCode.h
@@ -571,17 +571,17 @@ struct IonBlockCounts
 
   public:
 
     bool init(uint32_t id, uint32_t offset, uint32_t numSuccessors) {
         id_ = id;
         offset_ = offset;
         numSuccessors_ = numSuccessors;
         if (numSuccessors) {
-            successors_ = (uint32_t *) js_calloc(numSuccessors * sizeof(uint32_t));
+            successors_ = js_pod_calloc<uint32_t>(numSuccessors);
             if (!successors_)
                 return false;
         }
         return true;
     }
 
     void destroy() {
         js_free(successors_);
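Review bot: `IonBlockCounts::init` stores `numSuccessors_` before the allocation is known to have succeeded, so a failed `js_pod_calloc` leaves a non-zero count next to a null `successors_`. The same ordering is in `IonScriptCounts::init` in the next hunk, where the visible teardown lines loop `for (size_t i = 0; i < numBlocks_; i++) blocks_[i].destroy();` and would dereference a null `blocks_` if the object is destroyed after a failed init (whether callers do that is not visible here). Assigning the count only on success keeps the pair consistent, e.g. `numBlocks_ = blocks_ ? numBlocks : 0;` after the allocation, and likewise `numSuccessors_ = 0;` before `return false;` here.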
@@ -669,17 +669,17 @@ struct IonScriptCounts
         for (size_t i = 0; i < numBlocks_; i++)
             blocks_[i].destroy();
         js_free(blocks_);
         js_delete(previous_);
     }
 
     bool init(size_t numBlocks) {
         numBlocks_ = numBlocks;
-        blocks_ = (IonBlockCounts *) js_calloc(numBlocks * sizeof(IonBlockCounts));
+        blocks_ = js_pod_calloc<IonBlockCounts>(numBlocks);
         return blocks_ != NULL;
     }
 
     size_t numBlocks() const {
         return numBlocks_;
     }
 
     IonBlockCounts &block(size_t i) {
--- a/js/src/jsutil.cpp
+++ b/js/src/jsutil.cpp
@@ -26,17 +26,17 @@ using namespace js;
 
 using mozilla::CeilingLog2Size;
 using mozilla::PodArrayZero;
 
 #if USE_ZLIB
 static void *
 zlib_alloc(void *cx, uInt items, uInt size)
 {
-    return js_malloc(items * size);
+    return js_calloc(items, size);
 }
 
 static void
 zlib_free(void *cx, void *addr)
 {
     js_free(addr);
 }
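Review bot: `zlib_alloc` now depends on `js_calloc(items, size)` for overflow safety, but nothing in the function says so, and a later cleanup could easily turn it back into a multiply plus `js_malloc`. I would add a comment above the return: `// items * size is computed by calloc, which fails on overflow; do not multiply the uInt operands here.` It is also worth a word that the buffer is now zero-filled, which zlib does not require but which is a side effect of the change.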