Bug 1240416 Disallow setting GC mark stack size to zero, and assert on attempt to realloc() zero bytes r=terrence

This commit is contained in:
Jon Coppeard 2016-01-20 10:13:14 +00:00
parent 86d9919eb8
commit de80f46e74
4 changed files with 12 additions and 0 deletions


@ -235,6 +235,11 @@ static inline void* js_calloc(size_t nmemb, size_t size)
static inline void* js_realloc(void* p, size_t bytes)
{
// realloc() with zero size is not portable, as some implementations may
// return nullptr on success and free |p| for this. We assume nullptr
// indicates failure and that |p| is still valid.
MOZ_ASSERT(bytes != 0);
JS_OOM_POSSIBLY_FAIL();
return realloc(p, bytes);
}
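Review bot: The new `MOZ_ASSERT(bytes != 0)` enforces the contract only in debug builds; in a release build a zero-byte request still reaches `realloc()`, and on an implementation that frees |p| and returns nullptr (the case the comment describes) the caller will treat the call as a failure and keep using the freed |p|. Because the consequence is use of freed memory rather than a mere portability wrinkle, consider whether `MOZ_RELEASE_ASSERT(bytes != 0);` is warranted on this path, given the check is a single compare. If the debug-only assert is intentional, the comment should say so, e.g. `// Callers must never request zero bytes; this is only checked in debug builds.` The function is shown in full in the hunk.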


@ -1689,6 +1689,7 @@ MarkStack::setBaseCapacity(JSGCMode mode)
void
MarkStack::setMaxCapacity(size_t maxCapacity)
{
MOZ_ASSERT(maxCapacity != 0);
MOZ_ASSERT(isEmpty());
maxCapacity_ = maxCapacity;
if (baseCapacity_ > maxCapacity_)
@ -1706,6 +1707,7 @@ MarkStack::reset()
return;
}
MOZ_ASSERT(baseCapacity_ != 0);
uintptr_t* newStack = (uintptr_t*)js_realloc(stack_, sizeof(uintptr_t) * baseCapacity_);
if (!newStack) {
// If the realloc fails, just keep using the existing stack; it's
@ -1725,6 +1727,7 @@ MarkStack::enlarge(unsigned count)
size_t tosIndex = position();
MOZ_ASSERT(newCapacity != 0);
uintptr_t* newStack = (uintptr_t*)js_realloc(stack_, sizeof(uintptr_t) * newCapacity);
if (!newStack)
return false;
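Review bot: `MarkStack::setMaxCapacity` now asserts `maxCapacity != 0` but does not say why, and the reason lives two hunks away: reset() and enlarge() size their `js_realloc()` calls as `sizeof(uintptr_t) * baseCapacity_` and `sizeof(uintptr_t) * newCapacity`, so a zero capacity would become exactly the zero-byte realloc the allocator now rejects. A one-line precondition comment above the assert would tie these together, e.g. `// Precondition: maxCapacity != 0; reset() and enlarge() pass the capacity straight to js_realloc().` The same debug-only `MOZ_ASSERT` is repeated in the reset() and enlarge() hunks, so in release builds the protection rests entirely on every caller of setMaxCapacity rejecting zero up front; the only such rejection visible in this commit is the `JSGC_MARK_STACK_LIMIT` check in GCRuntime::setParameter, and whether other callers (initialization defaults, for instance) can reach here cannot be confirmed from the hunks. All three functions start or end outside their hunks.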


@ -0,0 +1,2 @@
// |jit-test| error: Error
gcparam('markStackLimit', 0);


@ -1414,6 +1414,8 @@ GCRuntime::setParameter(JSGCParamKey key, uint32_t value, AutoLockGC& lock)
defaultTimeBudget_ = value ? value : SliceBudget::UnlimitedTimeBudget;
break;
case JSGC_MARK_STACK_LIMIT:
if (value == 0)
return false;
setMarkStackLimit(value, lock);
break;
case JSGC_DECOMMIT_THRESHOLD:
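Review bot: The new `if (value == 0) return false;` rejects a zero limit without stating why, while the case immediately above maps a zero `value` to `SliceBudget::UnlimitedTimeBudget`; a reader could reasonably "fix" this case to follow the same pattern. A short comment would prevent that, e.g. `// Zero is not a valid limit: MarkStack::setMaxCapacity() requires a non-zero capacity.` Returning false relies on the caller surfacing the rejection as an error (the added jit-test expects `error: Error`), which is consistent with the test but not visible in this hunk. GCRuntime::setParameter starts and ends outside the hunk.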