Bug 794214 - Avoid putting poisoned pointer into type->newScript. r=billm

--HG--
extra : rebase_source : 904806c6059409c1af02624a1b4b989329f5acf3
This commit is contained in:
Steve Fink 2012-09-25 13:48:40 -07:00
parent 4ac3852d87
commit 9d0d41cb98


@ -4958,7 +4958,17 @@ CheckNewScriptProperties(JSContext *cx, HandleTypeObject type, JSFunction *fun)
size_t numBytes = sizeof(TypeNewScript)
+ (initializerList.length() * sizeof(TypeNewScript::Initializer));
#ifdef JSGC_ROOT_ANALYSIS
// calloc can legitimately return a pointer that appears to be poisoned.
void *p;
do {
p = cx->calloc_(numBytes);
} while (IsPoisonedPtr(p));
type->newScript = (TypeNewScript *) p;
#else
type->newScript = (TypeNewScript *) cx->calloc_(numBytes);
#endif
if (!type->newScript) {
cx->compartment->types.setPendingNukeTypes(cx);
return;