From 9472136272f01b858412f2d9d7854d2daa82496f Mon Sep 17 00:00:00 2001
From: Jan de Mooij
Date: Tue, 10 Apr 2018 15:00:49 +0200
Subject: Bug 1444668 - Avoid allocating large AssemblerBuffers. r=luke, r=bbouvier, a=RyanVM

---
 js/src/jit/shared/IonAssemblerBuffer.h | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'js/src/jit/shared/IonAssemblerBuffer.h')

diff --git a/js/src/jit/shared/IonAssemblerBuffer.h b/js/src/jit/shared/IonAssemblerBuffer.h
index cc20e26d2..3a6552696 100644
--- a/js/src/jit/shared/IonAssemblerBuffer.h
+++ b/js/src/jit/shared/IonAssemblerBuffer.h
@@ -181,6 +181,10 @@ class AssemblerBuffer
   protected:
     virtual Slice* newSlice(LifoAlloc& a) {
+        if (size() > MaxCodeBytesPerProcess - sizeof(Slice)) {
+            fail_oom();
+            return nullptr;
+        }
         Slice* tmp = static_cast(a.alloc(sizeof(Slice)));
         if (!tmp) {
             fail_oom();
--
cgit v1.2.3
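Review bot: The new guard at the top of newSlice carries no comment, and because it reports a deterministic size-limit hit through fail_oom() — the same path the lines below use for a genuine allocation failure — a reader cannot tell the two conditions apart; add above the `if` a comment such as `// Refuse to grow past MaxCodeBytesPerProcess rather than allocate another slice; a buffer that large presumably could never be committed to executable memory, so it is reported through the OOM path.` (the "could never be committed" part is inferred from the commit title, so confirm it). The subtraction `MaxCodeBytesPerProcess - sizeof(Slice)` is unsigned and would wrap if the limit were ever smaller than one slice; if MaxCodeBytesPerProcess is a compile-time constant, a `static_assert(MaxCodeBytesPerProcess > sizeof(Slice), "code limit must exceed one slice");` beside the check would pin that assumption. newSlice's body continues past the end of the hunk.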