Add extra check for assembler buffer space.

author: wolfbeast <mcwerewolf@gmail.com> 2018-09-04 07:40:42 +0200
committer: wolfbeast <mcwerewolf@gmail.com> 2018-09-04 07:40:42 +0200
commit: 7d73b3fbfe1cd4f3a45b569f98f19041f95a50b9 (patch)
tree: 0209317cee2f5b5604035dc9103b598607a14b59 /js/src/jit/x86-shared
parent: 45f9a0daad81d1c6a1188b3473e5f0c67d27c0aa (diff)
download: UXP-7d73b3fbfe1cd4f3a45b569f98f19041f95a50b9.tar
UXP-7d73b3fbfe1cd4f3a45b569f98f19041f95a50b9.tar.gz
UXP-7d73b3fbfe1cd4f3a45b569f98f19041f95a50b9.tar.lz
UXP-7d73b3fbfe1cd4f3a45b569f98f19041f95a50b9.tar.xz
UXP-7d73b3fbfe1cd4f3a45b569f98f19041f95a50b9.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/js/src/jit/x86-shared/AssemblerBuffer-x86-shared.h b/js/src/jit/x86-shared/AssemblerBuffer-x86-shared.h
index 8cb557784..8343579c8 100644
--- a/js/src/jit/x86-shared/AssemblerBuffer-x86-shared.h
+++ b/js/src/jit/x86-shared/AssemblerBuffer-x86-shared.h
@@ -93,7 +93,8 @@ namespace jit {
 
         void ensureSpace(size_t space)
         {
-            if (MOZ_UNLIKELY(!m_buffer.reserve(m_buffer.length() + space)))
+                if (MOZ_UNLIKELY(m_buffer.length() > (SIZE_MAX - space) ||
+                                 !m_buffer.reserve(m_buffer.length() + space)))
                 oomDetected();
         }
author	wolfbeast <mcwerewolf@gmail.com>	2018-09-04 07:40:42 +0200
committer	wolfbeast <mcwerewolf@gmail.com>	2018-09-04 07:40:42 +0200
commit	7d73b3fbfe1cd4f3a45b569f98f19041f95a50b9 (patch)
tree	0209317cee2f5b5604035dc9103b598607a14b59 /js/src/jit/x86-shared
parent	45f9a0daad81d1c6a1188b3473e5f0c67d27c0aa (diff)
download	UXP-7d73b3fbfe1cd4f3a45b569f98f19041f95a50b9.tar UXP-7d73b3fbfe1cd4f3a45b569f98f19041f95a50b9.tar.gz UXP-7d73b3fbfe1cd4f3a45b569f98f19041f95a50b9.tar.lz UXP-7d73b3fbfe1cd4f3a45b569f98f19041f95a50b9.tar.xz UXP-7d73b3fbfe1cd4f3a45b569f98f19041f95a50b9.zip