Bug 774760 - Fix unaligned PCCounts double access (r=luke)

--HG--
extra : rebase_source : ac9c1d9cb21611a5c23ca92a187b7f3e0e422cf4

js/src/jsopcode.h

@@ -497,6 +497,8 @@ class PCCounts
     double *counts;
 #ifdef DEBUG
     size_t capacity;
+#elif JS_BITS_PER_WORD == 32
+    void *padding;
 #endif
 
  public:
@@ -615,6 +617,9 @@ class PCCounts
     }
 };
 
+/* Necessary for alignment with the script. */
+JS_STATIC_ASSERT(sizeof(PCCounts) % sizeof(Value) == 0);
+
 } /* namespace js */
 
 #if defined(DEBUG)

js/src/jsscript.cpp

@@ -853,6 +853,7 @@ JSScript::initScriptCounts(JSContext *cx)
     cursor += length * sizeof(PCCounts);
 
     for (pc = code; pc < code + length; pc = next) {
+        JS_ASSERT(uintptr_t(cursor) % sizeof(double) == 0);
         scriptCounts.pcCountsVector[pc - code].counts = (double *) cursor;
         size_t capacity = PCCounts::numCounts(JSOp(*pc));
 #ifdef DEBUG