Bug 1486470 - Avoid overwriting newData when there's an OOM failure on buffer shrinking attempt. r=froydnj
authorHenri Sivonen <hsivonen@hsivonen.fi>
Tue, 28 Aug 2018 14:49:20 +0000
changeset 491325 6d95f23e7ea20ff6b2a5dbd0af8627c60d3b1d1c
parent 491324 b0b8164bd25a5f750464ea7ce7555d477fa99c87
child 491326 8e03f957959dad0e0da538d975b60cf650237c3e
push id1815
push userffxbld-merge
push dateMon, 15 Oct 2018 10:40:45 +0000
treeherdermozilla-release@18d4c09e9378 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersfroydnj
bugs1486470
milestone63.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1486470 - Avoid overwriting newData when there's an OOM failure on buffer shrinking attempt. r=froydnj MozReview-Commit-ID: F54grcUOwBG Differential Revision: https://phabricator.services.mozilla.com/D4418
xpcom/string/nsTSubstring.cpp
--- a/xpcom/string/nsTSubstring.cpp
+++ b/xpcom/string/nsTSubstring.cpp
@@ -194,32 +194,31 @@ nsTSubstring<T>::StartBulkWriteImpl(size
       newData = oldData;
       newCapacity = curCapacity;
     } else {
       size_type storageSize = (newCapacity + 1) * sizeof(char_type);
       // Since we allocate only by powers of 2 we always fit into a full mozjemalloc
       // bucket, it's not useful to use realloc, which may spend time uselessly
       // copying too much.
       nsStringBuffer* newHdr = nsStringBuffer::Alloc(storageSize).take();
-      if (!newHdr) {
-        // we are still in a consistent state
-        if (shrinking) {
-          // Since shrinking is just a memory footprint optimization, we
-          // don't propagate OOM if we tried to shrink in order to avoid
-          // OOM crashes from infallible callers. If we're lucky, soon enough
-          // a fallible caller reaches OOM and is able to deal or we end up
-          // disposing of this string before reaching OOM again.
-          newData = oldData;
-          newCapacity = curCapacity;
-        } else {
-          return mozilla::Err(NS_ERROR_OUT_OF_MEMORY);
-        }
+      if (newHdr) {
+        newData = (char_type*)newHdr->Data();
+      } else if (shrinking) {
+        // We're still in a consistent state.
+        //
+        // Since shrinking is just a memory footprint optimization, we
+        // don't propagate OOM if we tried to shrink in order to avoid
+        // OOM crashes from infallible callers. If we're lucky, soon enough
+        // a fallible caller reaches OOM and is able to deal or we end up
+        // disposing of this string before reaching OOM again.
+        newData = oldData;
+        newCapacity = curCapacity;
+      } else {
+        return mozilla::Err(NS_ERROR_OUT_OF_MEMORY);
       }
-
-      newData = (char_type*)newHdr->Data();
     }
     newDataFlags = DataFlags::TERMINATED | DataFlags::REFCOUNTED;
   }
 
   this->mData = newData;
   this->mDataFlags = newDataFlags;
 
   if (oldData == newData) {