author | Gaming4JC <g4jc@hyperbola.info> | 2019-07-14 21:41:35 -0400 |
---|---|---|
committer | Gaming4JC <g4jc@hyperbola.info> | 2019-07-18 22:38:48 -0400 |
commit | 28c5b8c0589d7548382d205de8df03b42b32ccc7 (patch) | |
tree | 43fe7f1a36b68418f193792449f5e799606578b3 /js | |
parent | 076ad08ac6f001626e63bc382d3b3d709f692a68 (diff) | |
1344334 - Make DoTypeUpdateFallback infallible.
Diffstat (limited to 'js')
-rw-r--r-- | js/src/jit-test/tests/baseline/bug1344334.js | 14 | ||||
-rw-r--r-- | js/src/jit/BaselineIC.cpp | 9 |
2 files changed, 22 insertions, 1 deletions
diff --git a/js/src/jit-test/tests/baseline/bug1344334.js b/js/src/jit-test/tests/baseline/bug1344334.js
new file mode 100644
index 000000000..66994338a
--- /dev/null
+++ b/js/src/jit-test/tests/baseline/bug1344334.js
@@ -0,0 +1,14 @@
+if (!('oomTest' in this))
+ quit();
+
+function f(s) {
+ s + "x";
+ s.indexOf("y") === 0;
+ oomTest(new Function(s));
+}
+var s = `
+ class TestClass { constructor() {} }
+ for (var fun of hasPrototype) {}
+`;
+if (s.length)
+ f(s);
diff --git a/js/src/jit/BaselineIC.cpp b/js/src/jit/BaselineIC.cpp
index 8a7c68e59..a001357f8 100644
--- a/js/src/jit/BaselineIC.cpp
+++ b/js/src/jit/BaselineIC.cpp
@@ -323,7 +323,14 @@ DoTypeUpdateFallback(JSContext* cx, BaselineFrame* frame, ICUpdatedStub* stub, H
 MOZ_CRASH("Invalid stub");
 }
- return stub->addUpdateStubForValue(cx, script /* = outerScript */, obj, id, value);
+ if (!stub->addUpdateStubForValue(cx, script /* = outerScript */, obj, id, value)) {
+ // The calling JIT code assumes this function is infallible (for
+ // instance we may reallocate dynamic slots before calling this),
+ // so ignore OOMs if we failed to attach a stub.
+ cx->recoverFromOutOfMemory();
+ }
+
+ return true;
 }
 typedef bool (*DoTypeUpdateFallbackFn)(JSContext*, BaselineFrame*, ICUpdatedStub*, HandleValue, |
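Review bot: The new test has no comment saying what it guards, and the two expression statements at the top of `f` (`s + "x";` and `s.indexOf("y") === 0;`) read as dead code that a later cleanup could delete. They may be there to put the string into a particular state before `new Function(s)` runs under `oomTest`; that is a guess, the hunk does not say. If so, a header line such as `// Bug 1344334: OOM while attaching a type-update stub must not fail the fallback; keep the string operations in f().` would protect them.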
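Review bot: The unconditional `return true` only makes the final `addUpdateStubForValue` call infallible; DoTypeUpdateFallback begins above this hunk, and any earlier `return false` there would still break the assumption the new comment describes. Since the comment says the JIT caller may already have reallocated dynamic slots, a failure return from any path is a memory-safety concern, so it is worth confirming that no fallible path remains. The function still returns `bool` and the `DoTypeUpdateFallbackFn` typedef is unchanged, so nothing in the signature warns the next editor; I would state the contract at the definition, e.g. `// Infallible: always returns true. JIT callers may have reallocated dynamic slots already and do not expect failure.` Dropping the stub-attach failure is also only sound if the type set itself was updated before this point, which the hunk does not show.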