Bug 764165 - Poison freed IonCode buffers. r=dvander

This commit is contained in:
Sean Stangl 2012-06-12 14:29:07 -07:00
parent 23314d5daa
commit 4fa2da6b26

View File

@ -343,6 +343,12 @@ void
IonCode::finalize(FreeOp *fop)
{
JS_ASSERT(!fop->onBackgroundThread());
// Buffer can be freed at any time hereafter. Catch use-after-free bugs.
JS_POISON(code_, JS_FREE_PATTERN, bufferSize_);
// Code buffers are stored inside JSC pools.
// Pools are refcounted. Releasing the pool may free it.
if (pool_)
pool_->release();
}