Avoid recycling an overlarge arena from the evil arena_freelist, in case the new consumer is itself oversized and therefore owns the entire allocation (283234, r=shaver).

2024-10-12 21:05:36 +00:00 · 2005-02-23 21:31:58 +00:00 · 2005-02-23 21:31:58 +00:00 · ad93cb5afa
commit ad93cb5afa
parent 610f657d54
1 changed files with 3 additions and 6 deletions
--- a/js/src/jsarena.c
+++ b/js/src/jsarena.c
@ -172,14 +172,11 @@ JS_ArenaAllocate(JSArenaPool *pool, size_t nb)
            JS_ACQUIRE_LOCK(arena_freelist_lock);
            while ((b = *bp) != NULL) {
                /*
-                 * Insist on exact arenasize match if nb is not greater than
-                 * arenasize.  Otherwise take any arena big enough, but not by
-                 * more than gross + arenasize.
+                 * Insist on exact arenasize match to avoid leaving alloc'able
+                 * space after an oversized allocation as it grows.
                 */
                sz = JS_UPTRDIFF(b->limit, b);
-                if (extra
-                    ? sz >= gross && sz <= gross + pool->arenasize
-                    : sz == gross) {
+                if (sz == gross) {
                    *bp = b->next;
                    JS_RELEASE_LOCK(arena_freelist_lock);
                    b->next = NULL;