wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 979721 - Don't leak bailout buffer when overrecursion check fails. r=djvj

Browse Source
This commit is contained in:
Jan de Mooij 2014-03-06 11:30:36 +01:00
parent 079b02433f
commit 6c3ab42325
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
js/src/jit/BaselineBailouts.cpp
View File

@ -1361,12 +1361,9 @@ jit::BailoutIonToBaseline(JSContext *cx, JitActivation *activation, IonBailoutIt
mozilla::PodCopy(argv, startFrameFormals.begin(), startFrameFormals.length());
}
// Take the reconstructed baseline stack so it doesn't get freed when builder destructs.
BaselineBailoutInfo *info = builder.takeBuffer();
info->numFrames = frameNo + 1;
// Do stack check.
bool overRecursed = false;
BaselineBailoutInfo *info = builder.info();
uint8_t *newsp = info->incomingStack - (info->copyStackTop - info->copyStackBottom);
#ifdef JS_ARM_SIMULATOR
if (Simulator::Current()->overRecursed(uintptr_t(newsp)))
@ -1379,6 +1376,9 @@ jit::BailoutIonToBaseline(JSContext *cx, JitActivation *activation, IonBailoutIt
return BAILOUT_RETURN_OVERRECURSED;
}
// Take the reconstructed baseline stack so it doesn't get freed when builder destructs.
info = builder.takeBuffer();
info->numFrames = frameNo + 1;
info->bailoutKind = bailoutKind;
*bailoutInfo = info;
return BAILOUT_RETURN_OK;