Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-09 19:35:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1293311 - Handle OOM in ArgumentsObject::finishForIon properly. r=nbp

Browse Source
This commit is contained in:
Jan de Mooij 2016-09-19 21:04:06 +02:00
parent 140f722c49
commit c67efa31d7
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
js/src/jit/CodeGenerator.cpp
View File

@ -6074,6 +6074,8 @@ CodeGenerator::visitCreateArgumentsObject(LCreateArgumentsObject* lir)
Register objTemp = ToRegister(lir->temp1());
Register cxTemp = ToRegister(lir->temp2());
masm.Push(callObj);
// Try to allocate an arguments object. This will leave the reserved
// slots uninitialized, so it's important we don't GC until we
// initialize these slots in ArgumentsObject::finishForIon.
@ -6082,7 +6084,7 @@ CodeGenerator::visitCreateArgumentsObject(LCreateArgumentsObject* lir)
/* initContents = */ false);
masm.moveStackPtrTo(temp);
masm.addPtr(Imm32(frameSize()), temp);
masm.addPtr(Imm32(masm.framePushed()), temp);
masm.setupUnalignedABICall(cxTemp);
masm.loadJSContext(cxTemp);
@ -6092,10 +6094,14 @@ CodeGenerator::visitCreateArgumentsObject(LCreateArgumentsObject* lir)
masm.passABIArg(objTemp);
masm.callWithABI(JS_FUNC_TO_DATA_PTR(void*, ArgumentsObject::finishForIon));
masm.branchTestPtr(Assembler::Zero, ReturnReg, ReturnReg, masm.exceptionLabel());
masm.branchTestPtr(Assembler::Zero, ReturnReg, ReturnReg, &failure);
// Discard saved callObj on the stack.
masm.addToStackPtr(Imm32(sizeof(uintptr_t)));
masm.jump(&done);
masm.bind(&failure);
masm.Pop(callObj);
}
masm.moveStackPtrTo(temp);

4
js/src/vm/ArgumentsObject.cpp
View File

@ -383,7 +383,9 @@ ArgumentsObject::finishForIon(JSContext* cx, jit::JitFrameLayout* frame,
ArgumentsData* data =
reinterpret_cast<ArgumentsData*>(AllocateObjectBuffer<uint8_t>(cx, obj, numBytes));
if (!data) {
// Make the object safe for GC.
// Make the object safe for GC. Don't report OOM, the slow path will
// retry the allocation.
cx->recoverFromOutOfMemory();
obj->initFixedSlot(DATA_SLOT, PrivateValue(nullptr));
return nullptr;
}