Bail out from on calling functions if an OOM occurs while during initial bytecode analysis, bug 727341. r=luke

2024-09-13 09:24:08 -07:00 · 2012-04-10 12:24:46 -07:00 · 2012-04-10 12:24:46 -07:00 · 77930876d9
commit 77930876d9
parent 495f50f17c
4 changed files with 13 additions and 6 deletions
--- a/js/src/jsinfer.cpp
+++ b/js/src/jsinfer.cpp
@ -5310,8 +5310,10 @@ JSScript::makeTypes(JSContext *cx)

    if (!cx->typeInferenceEnabled()) {
        types = (TypeScript *) cx->calloc_(sizeof(TypeScript));
-        if (!types)
+        if (!types) {
+            js_ReportOutOfMemory(cx);
            return false;
+        }
        new(types) TypeScript();
        return true;
    }
--- a/js/src/jsinferinlines.h
+++ b/js/src/jsinferinlines.h
@ -329,7 +329,7 @@ MarkIteratorUnknown(JSContext *cx)
 * Monitor a javascript call, either on entry to the interpreter or made
 * from within the interpreter.
 */
-inline void
+inline bool
 TypeMonitorCall(JSContext *cx, const js::CallArgs &args, bool constructing)
 {
    extern void TypeMonitorCallSlow(JSContext *cx, JSObject *callee,
@ -341,11 +341,13 @@ TypeMonitorCall(JSContext *cx, const js::CallArgs &args, bool constructing)
        if (fun->isInterpreted()) {
            JSScript *script = fun->script();
            if (!script->ensureRanAnalysis(cx, fun->environment()))
-                return;
+                return false;
            if (cx->typeInferenceEnabled())
                TypeMonitorCallSlow(cx, callee, args, constructing);
        }
    }
+
+    return true;
 }

 inline bool
--- a/js/src/jsinterp.cpp
+++ b/js/src/jsinterp.cpp
@ -515,7 +515,8 @@ js::InvokeKernel(JSContext *cx, CallArgs args, MaybeConstruct construct)
    if (fun->isNative())
        return CallJSNative(cx, fun->native(), args);

-    TypeMonitorCall(cx, args, construct);
+    if (!TypeMonitorCall(cx, args, construct))
+        return false;

    /* Get pointer to new frame/slots, prepare arguments. */
    InvokeFrameGuard ifg;
@ -2693,7 +2694,8 @@ BEGIN_CASE(JSOP_FUNCALL)
        DO_NEXT_OP(len);
    }

-    TypeMonitorCall(cx, args, construct);
+    if (!TypeMonitorCall(cx, args, construct))
+        goto error;

    InitialFrameFlags initial = construct ? INITIAL_CONSTRUCT : INITIAL_NONE;

--- a/js/src/methodjit/InvokeHelpers.cpp
+++ b/js/src/methodjit/InvokeHelpers.cpp
@ -298,7 +298,8 @@ UncachedInlineCall(VMFrame &f, InitialFrameFlags initial,
    bool newType = construct && cx->typeInferenceEnabled() &&
        types::UseNewType(cx, f.script(), f.pc());

-    types::TypeMonitorCall(cx, args, construct);
+    if (!types::TypeMonitorCall(cx, args, construct))
+        return false;

    /* Try to compile if not already compiled. */
    CompileStatus status = CanMethodJIT(cx, newscript, newscript->code, construct, CompileRequest_Interpreter);