Bug 865960 - JS OOM should throw instead of silently stopping execution (r=billm)

--HG-- extra : rebase_source : 39eb34b736e142bb40b68ec25f335ed6283a1570
2024-09-13 09:24:08 -07:00 · 2013-05-01 11:04:06 -07:00 · 2013-05-01 11:04:06 -07:00 · 7603c83466
commit 7603c83466
parent a1d2ac3f66
5 changed files with 22 additions and 20 deletions
--- a/js/src/jscntxt.cpp
+++ b/js/src/jscntxt.cpp
@ -487,37 +487,38 @@ PopulateReportBlame(JSContext *cx, JSErrorReport *report)
 }

 /*
- * We don't post an exception in this case, since doing so runs into
- * complications of pre-allocating an exception object which required
- * running the Exception class initializer early etc.
- * Instead we just invoke the errorReporter with an "Out Of Memory"
- * type message, and then hope the process ends swiftly.
+ * Since memory has been exhausted, avoid the normal error-handling path which
+ * allocates an error object, report and callstack. If code is running, simply
+ * throw the static atom "out of memory". If code is not running, call the
+ * error reporter directly.
+ *
+ * Furthermore, callers of js_ReportOutOfMemory (viz., malloc) assume a GC does
+ * not occur, so GC must be avoided or suppressed.
 */
 void
 js_ReportOutOfMemory(JSContext *cx)
 {
    cx->runtime->hadOutOfMemory = true;

-    JSErrorReport report;
-    JSErrorReporter onError = cx->errorReporter;
+    if (JS_IsRunning(cx)) {
+        cx->setPendingException(StringValue(cx->names().outOfMemory));
+        return;
+    }

-    /* Get the message for this error, but we won't expand any arguments. */
+    /* Get the message for this error, but we don't expand any arguments. */
    const JSErrorFormatString *efs =
        js_GetLocalizedErrorMessage(cx, NULL, NULL, JSMSG_OUT_OF_MEMORY);
    const char *msg = efs ? efs->format : "Out of memory";

    /* Fill out the report, but don't do anything that requires allocation. */
+    JSErrorReport report;
    PodZero(&report);
    report.flags = JSREPORT_ERROR;
    report.errorNumber = JSMSG_OUT_OF_MEMORY;
    PopulateReportBlame(cx, &report);

-    /*
-     * We clear a pending exception, if any, now so the hook can replace the
-     * out-of-memory error by a script-catchable exception.
-     */
-    cx->clearPendingException();
-    if (onError) {
+    /* Report the error. */
+    if (JSErrorReporter onError = cx->errorReporter) {
        AutoSuppressGC suppressGC(cx);
        onError(cx, msg, &report);
    }
--- a/js/src/tests/js1_5/extensions/regress-336409-2.js
+++ b/js/src/tests/js1_5/extensions/regress-336409-2.js
@ -1,4 +1,4 @@
-// |reftest| skip-if(!xulRuntime.shell&&((Android||(isDebugBuild&&xulRuntime.OS=="Linux")||xulRuntime.XPCOMABI.match(/x86_64/)))) silentfail slow -- can fail silently due to out of memory, bug 615011 - timeouts on slow debug Linux
+// |reftest| skip-if(!xulRuntime.shell&&((Android||(isDebugBuild&&xulRuntime.OS=="Linux")||xulRuntime.XPCOMABI.match(/x86_64/)))) slow -- can fail silently due to out of memory, bug 615011 - timeouts on slow debug Linux
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
@ -8,7 +8,7 @@
 var BUGNUMBER = 336409;
 var summary = 'Integer overflow in js_obj_toSource';
 var actual = 'No Crash';
-var expect = /(No Crash|InternalError: allocation size overflow)/;
+var expect = /(No Crash|InternalError: allocation size overflow|out of memory)/;

 printBugNumber(BUGNUMBER);
 printStatus (summary);
--- a/js/src/tests/js1_5/extensions/regress-336410-1.js
+++ b/js/src/tests/js1_5/extensions/regress-336410-1.js
@ -1,4 +1,4 @@
-// |reftest| skip-if(!xulRuntime.shell||Android) silentfail slow -- can fail silently due to out of memory
+// |reftest| skip-if(!xulRuntime.shell||Android) slow -- can fail silently due to out of memory
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
@ -42,7 +42,7 @@ try
 }
 catch(ex)
 {
-  expect = 'InternalError: allocation size overflow';
+  expect = '\(InternalError: allocation size overflow|out of memory\)';
  actual = ex + '';
  print(actual);
 }
--- a/js/src/tests/js1_5/extensions/regress-336410-2.js
+++ b/js/src/tests/js1_5/extensions/regress-336410-2.js
@ -1,4 +1,4 @@
-// |reftest| skip-if(!xulRuntime.shell&&((isDebugBuild&&xulRuntime.OS=="Linux")||Android||xulRuntime.XPCOMABI.match(/x86_64/)||xulRuntime.OS=="WINNT")) silentfail slow -- can fail silently due to out of memory, bug 621348 - timeouts on slow debug Linux
+// |reftest| skip-if(!xulRuntime.shell&&((isDebugBuild&&xulRuntime.OS=="Linux")||Android||xulRuntime.XPCOMABI.match(/x86_64/)||xulRuntime.OS=="WINNT")) slow -- can fail silently due to out of memory, bug 621348 - timeouts on slow debug Linux
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
@ -8,7 +8,7 @@
 var BUGNUMBER = 336410;
 var summary = 'Integer overflow in array_toSource';
 var actual = 'No Crash';
-var expect = /(No Crash|InternalError: allocation size overflow)/;
+var expect = /(No Crash|InternalError: allocation size overflow|out of memory)/;

 printBugNumber(BUGNUMBER);
 printStatus (summary);
--- a/js/src/vm/CommonPropertyNames.h
+++ b/js/src/vm/CommonPropertyNames.h
@ -110,6 +110,7 @@
    macro(objectUndefined, objectUndefined, "[object Undefined]") \
    macro(of, of, "of") \
    macro(offset, offset, "offset") \
+    macro(outOfMemory, outOfMemory, "out of memory") \
    macro(parseFloat, parseFloat, "parseFloat") \
    macro(parseInt, parseInt, "parseInt") \
    macro(pattern, pattern, "pattern") \