Bug 865960 - JS OOM should throw instead of silently stopping execution (r=billm)

--HG--
extra : rebase_source : a9c64989310ef96923a74fd3ee902aae59805aca
Luke Wagner 2013-05-01 11:04:06 -07:00
parent b73e972e46
commit 0c04aeb794
3 changed files with 16 additions and 63 deletions


@ -487,37 +487,38 @@ PopulateReportBlame(JSContext *cx, JSErrorReport *report)
}
/*
* We don't post an exception in this case, since doing so runs into
* complications of pre-allocating an exception object which required
* running the Exception class initializer early etc.
* Instead we just invoke the errorReporter with an "Out Of Memory"
* type message, and then hope the process ends swiftly.
* Since memory has been exhausted, avoid the normal error-handling path which
* allocates an error object, report and callstack. If code is running, simply
* throw the static atom "out of memory". If code is not running, call the
* error reporter directly.
*
* Furthermore, callers of js_ReportOutOfMemory (viz., malloc) assume a GC does
* not occur, so GC must be avoided or suppressed.
*/
void
js_ReportOutOfMemory(JSContext *cx)
{
cx->runtime->hadOutOfMemory = true;
JSErrorReport report;
JSErrorReporter onError = cx->errorReporter;
if (JS_IsRunning(cx)) {
cx->setPendingException(StringValue(cx->names().outOfMemory));
return;
}
/* Get the message for this error, but we won't expand any arguments. */
/* Get the message for this error, but we don't expand any arguments. */
const JSErrorFormatString *efs =
js_GetLocalizedErrorMessage(cx, NULL, NULL, JSMSG_OUT_OF_MEMORY);
const char *msg = efs ? efs->format : "Out of memory";
/* Fill out the report, but don't do anything that requires allocation. */
JSErrorReport report;
PodZero(&report);
report.flags = JSREPORT_ERROR;
report.errorNumber = JSMSG_OUT_OF_MEMORY;
PopulateReportBlame(cx, &report);
/*
* We clear a pending exception, if any, now so the hook can replace the
* out-of-memory error by a script-catchable exception.
*/
cx->clearPendingException();
if (onError) {
/* Report the error. */
if (JSErrorReporter onError = cx->errorReporter) {
AutoSuppressGC suppressGC(cx);
onError(cx, msg, &report);
}
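Review bot: The `JS_IsRunning(cx)` branch (new-side code as far as this page shows, since the +/- markers are lost) throws a primitive string that script can catch with an ordinary `try`/`catch`, so execution can continue after an allocation failure that used to stop it. Every path that calls js_ReportOutOfMemory and returns failure must therefore leave its objects safe for script to observe afterwards, and the block comment does not state that. I would add to it: `* The thrown value is a primitive string, not an Error object, and script can catch it; callers must leave partially built state consistent before returning failure.` That branch returns before the error reporter is reached, so `hadOutOfMemory` appears to be the only signal an embedder gets if script swallows the exception; the same comment should say so. The commit as shown deletes one test and adds none that exercises the catchable path, and the function's closing brace lies outside the hunk.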


@ -1,49 +0,0 @@
// |reftest| skip-if(!xulRuntime.shell&&((Android||(isDebugBuild&&xulRuntime.OS=="Linux")||xulRuntime.XPCOMABI.match(/x86_64/)))) silentfail slow -- can fail silently due to out of memory, bug 615011 - timeouts on slow debug Linux
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
//-----------------------------------------------------------------------------
var BUGNUMBER = 336409;
var summary = 'Integer overflow in js_obj_toSource';
var actual = 'No Crash';
var expect = /(No Crash|InternalError: allocation size overflow)/;
printBugNumber(BUGNUMBER);
printStatus (summary);
expectExitCode(0);
expectExitCode(5);
function createString(n)
{
var l = n*1024*1024;
var r = 'r';
while (r.length < l)
{
r = r + r;
}
return r;
}
try
{
var n = 128;
printStatus('Creating ' + n + 'MB string');
var r = createString(n);
printStatus('Done. length = ' + r.length);
printStatus('Creating object');
var o = {f1: r, f2: r, f3: r,f4: r,f5: r, f6: r, f7: r, f8: r,f9: r};
printStatus('object.toSource()');
var rr = o.toSource();
printStatus('Done.');
}
catch(ex)
{
actual = ex + '';
print(actual);
}
reportMatch(expect, actual, summary);


@ -110,6 +110,7 @@
macro(objectUndefined, objectUndefined, "[object Undefined]") \
macro(of, of, "of") \
macro(offset, offset, "offset") \
macro(outOfMemory, outOfMemory, "out of memory") \
macro(parseFloat, parseFloat, "parseFloat") \
macro(parseInt, parseInt, "parseInt") \
macro(pattern, pattern, "pattern") \