mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-12 21:05:36 +00:00
Avoid recycling an overlarge arena from the evil arena_freelist, in case the new consumer is itself oversized and therefore owns the entire allocation (283234, r=shaver).
parent
610f657d54
commit
ad93cb5afa
@ -172,14 +172,11 @@ JS_ArenaAllocate(JSArenaPool *pool, size_t nb)
|
||||
JS_ACQUIRE_LOCK(arena_freelist_lock);
|
||||
while ((b = *bp) != NULL) {
|
||||
/*
|
||||
* Insist on exact arenasize match if nb is not greater than
|
||||
* arenasize. Otherwise take any arena big enough, but not by
|
||||
* more than gross + arenasize.
|
||||
* Insist on exact arenasize match to avoid leaving alloc'able
|
||||
* space after an oversized allocation as it grows.
|
||||
*/
|
||||
sz = JS_UPTRDIFF(b->limit, b);
|
||||
if (extra
|
||||
? sz >= gross && sz <= gross + pool->arenasize
|
||||
: sz == gross) {
|
||||
if (sz == gross) {
|
||||
*bp = b->next;
|
||||
JS_RELEASE_LOCK(arena_freelist_lock);
|
||||
b->next = NULL;
|
||||
|
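Review bot: The new comment says "exact arenasize match", but the test it documents is `sz == gross`, and `gross` is computed outside this hunk; if it is larger than `pool->arenasize` for an oversized request (as the removed `sz <= gross + pool->arenasize` bound suggests), the comment misstates the invariant that keeps a recycled arena from carrying slack past its new owner's allocation. I would word it as `/* Reuse a freelist arena only if its size equals gross exactly, so no alloc'able space is left after an oversized allocation that owns the whole arena. */`. Since memory safety here now rests on that equality, it is also worth confirming that the computation of `gross` from `nb` cannot wrap, and that `extra` is still used elsewhere in the function now that this loop no longer reads it. The body of JS_ArenaAllocate starts and ends outside the hunk, so neither can be checked from here.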