Beef up sanity checking (338121, r=mrbkap).

2025-01-13 07:24:47 +00:00 · 2006-05-18 17:12:14 +00:00 · 2006-05-18 17:12:14 +00:00 · 24ab9e005f
commit 24ab9e005f
parent 21c8106c83
2 changed files with 8 additions and 5 deletions
--- a/js/src/jsarena.c
+++ b/js/src/jsarena.c
@ -171,7 +171,8 @@ JS_ArenaAllocate(JSArenaPool *pool, size_t nb)
     * https://bugzilla.mozilla.org/show_bug.cgi?id=279273.
     */
    JS_ASSERT((nb & pool->mask) == 0);
-    for (a = pool->current; a->avail > a->limit - nb; pool->current = a) {
+    for (a = pool->current; nb > a->limit || a->avail > a->limit - nb;
+         pool->current = a) {
        ap = &a->next;
        if (!*ap) {
            /* Not enough space in pool -- try to reclaim a free arena. */
--- a/js/src/jsarena.h
+++ b/js/src/jsarena.h
@ -113,10 +113,12 @@ struct JSArenaPool {
    JS_ARENA_ALLOCATE_CAST(p, void *, pool, nb)

 #define JS_ARENA_ALLOCATE_TYPE(p, type, pool)                                 \
-    JS_ARENA_ALLOCATE_CAST(p, type *, pool, sizeof(type))
+    JS_ARENA_ALLOCATE_COMMON(p, type *, pool, sizeof(type), 0)
+
+#define JS_ARENA_ALLOCATE_CAST(p, type, pool, nb)                             \
+    JS_ARENA_ALLOCATE_COMMON(p, type, pool, nb, _nb > _a->limit)

 /*
- *
 * NB: In JS_ARENA_ALLOCATE_CAST and JS_ARENA_GROW_CAST, always subtract _nb
 * from a->limit rather than adding _nb to _p, to avoid overflowing a 32-bit
 * address space (possible when running a 32-bit program on a 64-bit system
@ -126,12 +128,12 @@ struct JSArenaPool {
 * Thanks to Juergen Kreileder <jk@blackdown.de>, who brought this up in
 * https://bugzilla.mozilla.org/show_bug.cgi?id=279273.
 */
-#define JS_ARENA_ALLOCATE_CAST(p, type, pool, nb)                             \
+#define JS_ARENA_ALLOCATE_COMMON(p, type, pool, nb, guard)                    \
    JS_BEGIN_MACRO                                                            \
        JSArena *_a = (pool)->current;                                        \
        size_t _nb = JS_ARENA_ALIGN(pool, nb);                                \
        jsuword _p = _a->avail;                                               \
-        if (_p > _a->limit - _nb)                                             \
+        if ((guard) || _p > _a->limit - _nb)                                  \
            _p = (jsuword)JS_ArenaAllocate(pool, _nb);                        \
        else                                                                  \
            _a->avail = _p + _nb;                                             \