From cf70142093eb145b8e349bd7a95e22a55662a6d3 Mon Sep 17 00:00:00 2001 From: janekptacijarabaci Date: Mon, 19 Mar 2018 10:25:44 +0100 Subject: Bug 1323868: Report object allocation failure when running off-main-thread Issue #77 [Depends on] Bug 1192038: RegExp.prototype should be an ordinary object --- js/src/gc/Allocator.cpp | 8 ++++++-- js/src/jit-test/tests/gc/bug-1323868.js | 5 +++++ 2 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 js/src/jit-test/tests/gc/bug-1323868.js (limited to 'js/src') diff --git a/js/src/gc/Allocator.cpp b/js/src/gc/Allocator.cpp index 3994d5a5b..212493d86 100644 --- a/js/src/gc/Allocator.cpp +++ b/js/src/gc/Allocator.cpp @@ -39,8 +39,12 @@ js::Allocate(ExclusiveContext* cx, AllocKind kind, size_t nDynamicSlots, Initial MOZ_ASSERT_IF(nDynamicSlots != 0, clasp->isNative() || clasp->isProxy()); // Off-main-thread alloc cannot trigger GC or make runtime assertions. - if (!cx->isJSContext()) - return GCRuntime::tryNewTenuredObject(cx, kind, thingSize, nDynamicSlots); + if (!cx->isJSContext()) { + JSObject* obj = GCRuntime::tryNewTenuredObject(cx, kind, thingSize, nDynamicSlots); + if (MOZ_UNLIKELY(allowGC && !obj)) + ReportOutOfMemory(cx); + return obj; + } JSContext* ncx = cx->asJSContext(); JSRuntime* rt = ncx->runtime(); diff --git a/js/src/jit-test/tests/gc/bug-1323868.js b/js/src/jit-test/tests/gc/bug-1323868.js new file mode 100644 index 000000000..c7e8c9b08 --- /dev/null +++ b/js/src/jit-test/tests/gc/bug-1323868.js @@ -0,0 +1,5 @@ +if (helperThreadCount() == 0) + quit(); +startgc(8301); +offThreadCompileScript("(({a,b,c}))"); +gcparam("maxBytes", gcparam("gcBytes")); -- cgit v1.2.3