summaryrefslogtreecommitdiffstats
path: root/js/src/jit/RematerializedFrame.cpp
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-04-29 13:39:11 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-04-29 13:39:11 +0200
commit66aa6b595c47231958a855e4b166f5d55df1184d (patch)
tree6be9ba956bd1651cf23d35eff2ae51058d65d813 /js/src/jit/RematerializedFrame.cpp
parent927868e8b93f508fe89ee82f618f4a1761366f70 (diff)
downloadUXP-66aa6b595c47231958a855e4b166f5d55df1184d.tar
UXP-66aa6b595c47231958a855e4b166f5d55df1184d.tar.gz
UXP-66aa6b595c47231958a855e4b166f5d55df1184d.tar.lz
UXP-66aa6b595c47231958a855e4b166f5d55df1184d.tar.xz
UXP-66aa6b595c47231958a855e4b166f5d55df1184d.zip
Bug 1411415.
Diffstat (limited to 'js/src/jit/RematerializedFrame.cpp')
-rw-r--r--js/src/jit/RematerializedFrame.cpp14
1 files changed, 11 insertions, 3 deletions
diff --git a/js/src/jit/RematerializedFrame.cpp b/js/src/jit/RematerializedFrame.cpp
index cb324220c..32fad1267 100644
--- a/js/src/jit/RematerializedFrame.cpp
+++ b/js/src/jit/RematerializedFrame.cpp
@@ -61,9 +61,17 @@ RematerializedFrame::New(JSContext* cx, uint8_t* top, InlineFrameIterator& iter,
{
unsigned numFormals = iter.isFunctionFrame() ? iter.calleeTemplate()->nargs() : 0;
unsigned argSlots = Max(numFormals, iter.numActualArgs());
- size_t numBytes = sizeof(RematerializedFrame) +
- (argSlots + iter.script()->nfixed()) * sizeof(Value) -
- sizeof(Value); // 1 Value included in sizeof(RematerializedFrame)
+ unsigned extraSlots = argSlots + iter.script()->nfixed();
+
+ // One Value slot is included in sizeof(RematerializedFrame), so we can
+ // reduce the extra slot count by one. However, if there are zero slot
+ // allocations total, then reducing the slots by one will lead to
+ // the memory allocation being smaller than sizeof(RematerializedFrame).
+ if (extraSlots > 0)
+ extraSlots -= 1;
+
+ size_t numBytes = sizeof(RematerializedFrame) + (extraSlots * sizeof(Value));
+ MOZ_ASSERT(numBytes >= sizeof(RematerializedFrame));
void* buf = cx->pod_calloc<uint8_t>(numBytes);
if (!buf)