diff options
-rw-r--r-- | config/external/nspr/pr/moz.build | 2 | ||||
-rw-r--r-- | gfx/layers/composite/CanvasLayerComposite.cpp | 6 | ||||
-rw-r--r-- | gfx/layers/composite/ImageLayerComposite.cpp | 9 | ||||
-rw-r--r-- | gfx/layers/composite/PaintedLayerComposite.cpp | 9 | ||||
-rw-r--r-- | js/src/frontend/BytecodeEmitter.cpp | 28 | ||||
-rw-r--r-- | js/src/frontend/BytecodeEmitter.h | 10 | ||||
-rw-r--r-- | media/webrtc/trunk/webrtc/modules/video_capture/windows/MediaType.cpp | 8 | ||||
-rw-r--r-- | modules/libpref/init/all.js | 1 |
8 files changed, 50 insertions, 23 deletions
diff --git a/config/external/nspr/pr/moz.build b/config/external/nspr/pr/moz.build index cda249b8a..af710f850 100644 --- a/config/external/nspr/pr/moz.build +++ b/config/external/nspr/pr/moz.build @@ -38,6 +38,8 @@ elif CONFIG['OS_TARGET'] in ('FreeBSD', 'OpenBSD', 'NetBSD'): SOURCES += ['/nsprpub/pr/src/md/unix/%s.c' % CONFIG['OS_TARGET'].lower()] elif CONFIG['OS_TARGET'] == 'Darwin': OS_LIBS += ['-framework CoreServices'] + DEFINES['FD_SETSIZE'] = 10240 + DEFINES['_DARWIN_UNLIMITED_SELECT'] = True DEFINES.update( DARWIN=True, HAVE_BSD_FLOCK=True, diff --git a/gfx/layers/composite/CanvasLayerComposite.cpp b/gfx/layers/composite/CanvasLayerComposite.cpp index 3c8299e05..86f25b1ee 100644 --- a/gfx/layers/composite/CanvasLayerComposite.cpp +++ b/gfx/layers/composite/CanvasLayerComposite.cpp @@ -43,9 +43,13 @@ bool CanvasLayerComposite::SetCompositableHost(CompositableHost* aHost) { switch (aHost->GetType()) { - case CompositableType::IMAGE: + case CompositableType::IMAGE: { + if (mCompositableHost && aHost != mCompositableHost) { + mCompositableHost->Detach(this); + } mCompositableHost = aHost; return true; + } default: return false; } diff --git a/gfx/layers/composite/ImageLayerComposite.cpp b/gfx/layers/composite/ImageLayerComposite.cpp index bac9f3790..6867aaa22 100644 --- a/gfx/layers/composite/ImageLayerComposite.cpp +++ b/gfx/layers/composite/ImageLayerComposite.cpp @@ -50,9 +50,14 @@ bool ImageLayerComposite::SetCompositableHost(CompositableHost* aHost) { switch (aHost->GetType()) { - case CompositableType::IMAGE: - mImageHost = static_cast<ImageHost*>(aHost); + case CompositableType::IMAGE: { + ImageHost* newImageHost = static_cast<ImageHost*>(aHost); + if (mImageHost && newImageHost != mImageHost) { + mImageHost->Detach(this); + } + mImageHost = newImageHost; return true; + } default: return false; } diff --git a/gfx/layers/composite/PaintedLayerComposite.cpp b/gfx/layers/composite/PaintedLayerComposite.cpp index b58f5d690..232cc4ef4 100644 --- a/gfx/layers/composite/PaintedLayerComposite.cpp +++ b/gfx/layers/composite/PaintedLayerComposite.cpp @@ -49,9 +49,14 @@ PaintedLayerComposite::SetCompositableHost(CompositableHost* aHost) switch (aHost->GetType()) { case CompositableType::CONTENT_TILED: case CompositableType::CONTENT_SINGLE: - case CompositableType::CONTENT_DOUBLE: - mBuffer = static_cast<ContentHost*>(aHost); + case CompositableType::CONTENT_DOUBLE: { + ContentHost* newBuffer = static_cast<ContentHost*>(aHost); + if (mBuffer && newBuffer != mBuffer) { + mBuffer->Detach(this); + } + mBuffer = newBuffer; return true; + } default: return false; } diff --git a/js/src/frontend/BytecodeEmitter.cpp b/js/src/frontend/BytecodeEmitter.cpp index b3dd6d777..c524184d6 100644 --- a/js/src/frontend/BytecodeEmitter.cpp +++ b/js/src/frontend/BytecodeEmitter.cpp @@ -2260,12 +2260,14 @@ BytecodeEmitter::locationOfNameBoundInFunctionScope(JSAtom* name, EmitterScope* bool BytecodeEmitter::emitCheck(ptrdiff_t delta, ptrdiff_t* offset) { - *offset = code().length(); + size_t oldLength = code().length(); + *offset = ptrdiff_t(oldLength); - // Start it off moderately large to avoid repeated resizings early on. - // ~98% of cases fit within 1024 bytes. - if (code().capacity() == 0 && !code().reserve(1024)) - return false; + size_t newLength = oldLength + size_t(delta); + if (MOZ_UNLIKELY(newLength > MaxBytecodeLength)) { + ReportAllocationOverflow(cx); + return false; + } if (!code().growBy(delta)) { ReportOutOfMemory(cx); @@ -10697,17 +10699,19 @@ BytecodeEmitter::emitTreeInBranch(ParseNode* pn) static bool AllocSrcNote(ExclusiveContext* cx, SrcNotesVector& notes, unsigned* index) { - // Start it off moderately large to avoid repeated resizings early on. - // ~99% of cases fit within 256 bytes. - if (notes.capacity() == 0 && !notes.reserve(256)) - return false; + size_t oldLength = notes.length(); + if (MOZ_UNLIKELY(oldLength + 1 > MaxSrcNotesLength)) { + ReportAllocationOverflow(cx); + return false; + } + if (!notes.growBy(1)) { ReportOutOfMemory(cx); return false; } - *index = notes.length() - 1; + *index = oldLength; return true; } @@ -10833,6 +10837,10 @@ BytecodeEmitter::setSrcNoteOffset(unsigned index, unsigned which, ptrdiff_t offs /* Maybe this offset was already set to a four-byte value. */ if (!(*sn & SN_4BYTE_OFFSET_FLAG)) { /* Insert three dummy bytes that will be overwritten shortly. */ + if (MOZ_UNLIKELY(notes.length() + 3 > MaxSrcNotesLength)) {
+ ReportAllocationOverflow(cx);
+ return false; + } jssrcnote dummy = 0; if (!(sn = notes.insert(sn, dummy)) || !(sn = notes.insert(sn, dummy)) || diff --git a/js/src/frontend/BytecodeEmitter.h b/js/src/frontend/BytecodeEmitter.h index 32668a34c..814fa11d4 100644 --- a/js/src/frontend/BytecodeEmitter.h +++ b/js/src/frontend/BytecodeEmitter.h @@ -109,10 +109,12 @@ struct CGYieldOffsetList { void finish(YieldOffsetArray& array, uint32_t prologueLength); }; -// Use zero inline elements because these go on the stack and affect how many -// nested functions are possible. -typedef Vector<jsbytecode, 0> BytecodeVector; -typedef Vector<jssrcnote, 0> SrcNotesVector; +static size_t MaxBytecodeLength = INT32_MAX; +static size_t MaxSrcNotesLength = INT32_MAX; + +// Have a few inline elements to avoid heap allocation for tiny sequences. +typedef Vector<jsbytecode, 256> BytecodeVector; +typedef Vector<jssrcnote, 64> SrcNotesVector; // Linked list of jump instructions that need to be patched. The linked list is // stored in the bytes of the incomplete bytecode that will be patched, so no diff --git a/media/webrtc/trunk/webrtc/modules/video_capture/windows/MediaType.cpp b/media/webrtc/trunk/webrtc/modules/video_capture/windows/MediaType.cpp index 54fc2ab7b..f06709446 100644 --- a/media/webrtc/trunk/webrtc/modules/video_capture/windows/MediaType.cpp +++ b/media/webrtc/trunk/webrtc/modules/video_capture/windows/MediaType.cpp @@ -82,7 +82,10 @@ MediaType::Assign(const AM_MEDIA_TYPE* aMediaType) Clear(); // Shallow copy. - memcpy(this, aMediaType, sizeof(AM_MEDIA_TYPE)); + memcpy(static_cast<AM_MEDIA_TYPE*>(this), aMediaType, sizeof(AM_MEDIA_TYPE)); + + if (pUnk) + pUnk->AddRef(); // Create deep copy of incoming data... if (cbFormat) { @@ -92,9 +95,6 @@ MediaType::Assign(const AM_MEDIA_TYPE* aMediaType) memcpy(pbFormat, aMediaType->pbFormat, cbFormat); } - if (pUnk) - pUnk->AddRef(); - return S_OK; } diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index ee435d66a..d5005cbdd 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -1384,6 +1384,7 @@ pref("network.protocol-handler.external.vbscript", false); pref("network.protocol-handler.external.javascript", false); pref("network.protocol-handler.external.data", false); pref("network.protocol-handler.external.ms-help", false); +pref("network.protocol-handler.external.res", false); pref("network.protocol-handler.external.shell", false); pref("network.protocol-handler.external.vnd.ms.radio", false); #ifdef XP_MACOSX |