Bug 1295688 - InfallibleAllocPolicy should crash on overflow. r=glandium

Code that uses InfallibleAllocPolicy presumably wants for operations
to always succeed. However, Vector and HashTable can end up detecting
that growing the data structure will fail due to integer overflow, and
then will call reportAllocOverflow() and fail. I think these cases
should crash.

In addition, pod_malloc and pod_realloc should crash rather than
returning NULL when they detect overflow.

This calls mozalloc_abort rather than MOZ_CRASH directly to avoid
circular #includes, because Assertions.h includes nsTraceRefcnt.h
which includes nscore.h which includes mozalloc.h.

MozReview-Commit-ID: 1g99BXLceQI

--HG--
extra : rebase_source : 927d842588c1f85a50a7a1c50a5546d5f688555f
Andrew McCreight 2016-08-16 10:56:14 -07:00
parent 2f9e419db4
commit faa1eb2316

@ -27,6 +27,7 @@
#if defined(__cplusplus)
#include "mozilla/fallible.h"
#include "mozilla/mozalloc_abort.h"
#include "mozilla/TemplateLib.h"
#endif
#include "mozilla/Attributes.h"
@ -292,7 +293,7 @@ public:
T* pod_malloc(size_t aNumElems)
{
if (aNumElems & mozilla::tl::MulOverflowMask<sizeof(T)>::value) {
return nullptr;
reportAllocOverflow();
}
return static_cast<T*>(moz_xmalloc(aNumElems * sizeof(T)));
}
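Review bot: In pod_malloc the overflow branch no longer returns, so if reportAllocOverflow() ever comes back, control falls through to moz_xmalloc(aNumElems * sizeof(T)) with a wrapped product and the caller gets an undersized buffer. Nothing visible here guarantees that the call cannot return, since reportAllocOverflow() is declared as a plain void method. Please mark it noreturn so the compiler enforces the assumption, or keep an explicit terminating statement inside the branch.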
@ -307,7 +308,7 @@ public:
T* pod_realloc(T* aPtr, size_t aOldSize, size_t aNewSize)
{
if (aNewSize & mozilla::tl::MulOverflowMask<sizeof(T)>::value) {
return nullptr;
reportAllocOverflow();
}
return static_cast<T*>(moz_xrealloc(aPtr, aNewSize * sizeof(T)));
}
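Review bot: The overflow branch of pod_realloc changes the contract from "may return nullptr" to "never returns nullptr", but no comment in the header records that. A short comment above pod_malloc and pod_realloc saying that they abort on size overflow would tell callers that a null check after these calls is dead code, and would stop a later change from reintroducing the nullptr return.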
@ -319,6 +320,7 @@ public:
void reportAllocOverflow() const
{
mozalloc_abort("alloc overflow");
}
bool checkSimulatedOOM() const
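Review bot: The fixed string passed in mozalloc_abort("alloc overflow") is now shared by every path that reaches reportAllocOverflow(): the Vector and HashTable growth checks named in the commit message as well as pod_malloc and pod_realloc. An abort with this message will not say which of them overflowed. Consider having pod_malloc and pod_realloc call mozalloc_abort directly with their own messages, leaving the generic one for the container callers.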