From 887fface569f29650e51369cfc2bb3fd23d3f101 Mon Sep 17 00:00:00 2001
From: Moonchild <moonchild@palemoon.org>
Date: Thu, 19 Nov 2020 17:48:59 +0000
Subject: [xpcom] Don't use realloc for shrinking nsTArrays when allowRealloc
 is false.

The original patch handled the grow case but not the shrink case. When the
current and new allocation sizes are in different size classes, jemalloc's
realloc will move the allocation when shrinking, not just truncate the existing
one.

Based on work by Jon Coppeard.
---
 xpcom/glue/nsTArray-inl.h | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

(limited to 'xpcom/glue')

diff --git a/xpcom/glue/nsTArray-inl.h b/xpcom/glue/nsTArray-inl.h
index 27fd38db0..2eaea8029 100644
--- a/xpcom/glue/nsTArray-inl.h
+++ b/xpcom/glue/nsTArray-inl.h
@@ -248,12 +248,28 @@ nsTArray_base<Alloc, Copy>::ShrinkCapacity(size_type aElemSize,
     return;
   }
 
-  size_type size = sizeof(Header) + length * aElemSize;
-  void* ptr = nsTArrayFallibleAllocator::Realloc(mHdr, size);
-  if (!ptr) {
-    return;
+  size_type newSize = sizeof(Header) + length * aElemSize;
+
+  Header* newHeader;
+  if (!Copy::allowRealloc) {
+    // Malloc() and copy
+    newHeader = static_cast<Header*>(nsTArrayFallibleAllocator::Malloc(newSize));
+    if (!newHeader) {
+      return;
+    }
+
+    Copy::MoveNonOverlappingRegionWithHeader(newHeader, mHdr, Length(), aElemSize);
+
+    nsTArrayFallibleAllocator::Free(mHdr);
+  } else {
+    // Realloc() existing data
+    newHeader = static_cast<Header*>(nsTArrayFallibleAllocator::Realloc(mHdr, newSize));
+    if (!newHeader) {
+      return;
+    }
   }
-  mHdr = static_cast<Header*>(ptr);
+  
+  mHdr = newHeader;
   mHdr->mCapacity = length;
 }
 
-- 
cgit v1.2.3