summaryrefslogtreecommitdiffstats
path: root/js
diff options
context:
space:
mode:
authorGaming4JC <g4jc@hyperbola.info>2019-07-14 21:41:35 -0400
committerGaming4JC <g4jc@hyperbola.info>2019-07-18 22:38:48 -0400
commit28c5b8c0589d7548382d205de8df03b42b32ccc7 (patch)
tree43fe7f1a36b68418f193792449f5e799606578b3 /js
parent076ad08ac6f001626e63bc382d3b3d709f692a68 (diff)
downloadUXP-28c5b8c0589d7548382d205de8df03b42b32ccc7.tar
UXP-28c5b8c0589d7548382d205de8df03b42b32ccc7.tar.gz
UXP-28c5b8c0589d7548382d205de8df03b42b32ccc7.tar.lz
UXP-28c5b8c0589d7548382d205de8df03b42b32ccc7.tar.xz
UXP-28c5b8c0589d7548382d205de8df03b42b32ccc7.zip
1344334 - Make DoTypeUpdateFallback infallible.
Diffstat (limited to 'js')
-rw-r--r--js/src/jit-test/tests/baseline/bug1344334.js14
-rw-r--r--js/src/jit/BaselineIC.cpp9
2 files changed, 22 insertions, 1 deletions
diff --git a/js/src/jit-test/tests/baseline/bug1344334.js b/js/src/jit-test/tests/baseline/bug1344334.js
new file mode 100644
index 000000000..66994338a
--- /dev/null
+++ b/js/src/jit-test/tests/baseline/bug1344334.js
@@ -0,0 +1,14 @@
+if (!('oomTest' in this))
+ quit();
+
+function f(s) {
+ s + "x";
+ s.indexOf("y") === 0;
+ oomTest(new Function(s));
+}
+var s = `
+ class TestClass { constructor() {} }
+ for (var fun of hasPrototype) {}
+`;
+if (s.length)
+ f(s);
diff --git a/js/src/jit/BaselineIC.cpp b/js/src/jit/BaselineIC.cpp
index 8a7c68e59..a001357f8 100644
--- a/js/src/jit/BaselineIC.cpp
+++ b/js/src/jit/BaselineIC.cpp
@@ -323,7 +323,14 @@ DoTypeUpdateFallback(JSContext* cx, BaselineFrame* frame, ICUpdatedStub* stub, H
MOZ_CRASH("Invalid stub");
}
- return stub->addUpdateStubForValue(cx, script /* = outerScript */, obj, id, value);
+ if (!stub->addUpdateStubForValue(cx, script /* = outerScript */, obj, id, value)) {
+ // The calling JIT code assumes this function is infallible (for
+ // instance we may reallocate dynamic slots before calling this),
+ // so ignore OOMs if we failed to attach a stub.
+ cx->recoverFromOutOfMemory();
+ }
+
+ return true;
}
typedef bool (*DoTypeUpdateFallbackFn)(JSContext*, BaselineFrame*, ICUpdatedStub*, HandleValue,