wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 999140 - Mapped array buffers need a safety buffer, r=Waldo

Browse Source 
--HG--
extra : rebase_source : 03e97115af90ea27f6f2a658bea5af6552b2a588
This commit is contained in:
Steve Fink 2014-04-25 13:46:26 -07:00
parent 73af1e6314
commit bd48f05301
2 changed files with 7 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
js/src/vm/ArrayBufferObject.cpp
View File

@ -343,9 +343,7 @@ ArrayBufferObject::neuter(JSContext *cx, Handle<ArrayBufferObject*> buffer, void
MarkObjectStateChange(cx, view);
}
if (buffer->isMappedArrayBuffer())
buffer->setNewOwnedData(cx->runtime()->defaultFreeOp(), nullptr);
else if (newData != buffer->dataPointer())
if (newData != buffer->dataPointer())
buffer->setNewOwnedData(cx->runtime()->defaultFreeOp(), newData);
buffer->setByteLength(0);
@ -375,7 +373,6 @@ ArrayBufferObject::setNewOwnedData(FreeOp* fop, void *newData)
{
JS_ASSERT(!isAsmJSArrayBuffer());
JS_ASSERT(!isSharedArrayBuffer());
JS_ASSERT_IF(isMappedArrayBuffer(), !newData);
if (ownsData()) {
JS_ASSERT(newData != dataPointer());
@ -536,7 +533,7 @@ ArrayBufferObject::canNeuterAsmJSArrayBuffer(JSContext *cx, ArrayBufferObject &b
}
void *
ArrayBufferObject::createMappedArrayBuffer(int fd, size_t offset, size_t length)
ArrayBufferObject::createMappedContents(int fd, size_t offset, size_t length)
{
return AllocateMappedContent(fd, offset, length, ARRAY_BUFFER_ALIGNMENT);
}
@ -749,14 +746,9 @@ ArrayBufferObject::stealContents(JSContext *cx, Handle<ArrayBufferObject*> buffe
}
void *oldData = buffer->dataPointer();
void *newData;
if (buffer->isMappedArrayBuffer())
newData = oldData;
else {
newData = AllocateArrayBufferContents(cx, buffer->byteLength());
void *newData = AllocateArrayBufferContents(cx, buffer->byteLength());
if (!newData)
return nullptr;
}
if (buffer->hasStealableContents()) {
buffer->setOwnsData(DoesntOwnData);
@ -1111,7 +1103,7 @@ JS_NewMappedArrayBufferWithContents(JSContext *cx, size_t nbytes, void *contents
JS_PUBLIC_API(void *)
JS_CreateMappedArrayBufferContents(int fd, size_t offset, size_t length)
{
return ArrayBufferObject::createMappedArrayBuffer(fd, offset, length);
return ArrayBufferObject::createMappedContents(fd, offset, length);
}
JS_PUBLIC_API(void)
@ -1194,4 +1186,3 @@ JS_GetObjectAsArrayBuffer(JSObject *obj, uint32_t *length, uint8_t **data)
return obj;
}

2
js/src/vm/ArrayBufferObject.h
View File

@ -161,7 +161,7 @@ class ArrayBufferObject : public JSObject
static void finalize(FreeOp *fop, JSObject *obj);
static void *createMappedArrayBuffer(int fd, size_t offset, size_t length);
static void *createMappedContents(int fd, size_t offset, size_t length);
static size_t flagsOffset() {
return getFixedSlotOffset(FLAGS_SLOT);