From d1af2f8e9ea065a03525a4e8acb384821f2951ca Mon Sep 17 00:00:00 2001
From: Nicholas Nethercote
Date: Fri, 8 Nov 2013 09:52:14 +1100
Subject: [PATCH] Bug 634417 - Remove inappropriate uses of vanilla malloc/calloc/realloc/free/strdup from SpiderMonkey. r=luke.
--HG--
extra : rebase_source : 4470cdf58a482eb05f94cd00a9800d8e6a0d2252
---
 js/public/Utility.h | 2 ++
 js/src/TraceLogging.cpp | 8 ++++----
 js/src/assembler/assembler/AssemblerBuffer.h | 6 +++---
 .../assembler/AssemblerBufferWithConstantPool.h | 8 ++++----
 js/src/builtin/Profilers.cpp | 9 +++++++--
 js/src/jit/AsmJS.cpp | 2 +-
 js/src/jit/AsmJSModule.cpp | 10 ++++++----
 js/src/jit/MIR.cpp | 4 ++--
 js/src/jit/MIR.h | 2 +-
 js/src/jsapi.h | 2 +-
 js/src/jsprf.cpp | 8 ++++----
 js/src/shell/js.cpp | 8 ++++----
 12 files changed, 39 insertions(+), 30 deletions(-)
diff --git a/js/public/Utility.h b/js/public/Utility.h
index 1755831f30f..32f39f6a73a 100644
--- a/js/public/Utility.h
+++ b/js/public/Utility.h
@@ -100,6 +100,8 @@ PrintBacktrace()
 fprintf(stderr, "#%d %s\n", OOM_traceIdx, OOM_traceSymbols[OOM_traceIdx]);
 }
+ // This must be free(), not js_free(), because backtrace_symbols()
+ // allocates with malloc().
 free(OOM_traceSymbols);
 }
diff --git a/js/src/TraceLogging.cpp b/js/src/TraceLogging.cpp
index 161fcfe3627..520480a992f 100644
--- a/js/src/TraceLogging.cpp
+++ b/js/src/TraceLogging.cpp
@@ -109,7 +109,7 @@ TraceLogging::~TraceLogging()
 {
 if (entries) {
 flush();
- free(entries);
+ js_free(entries);
 entries = nullptr;
 }
@@ -122,7 +122,7 @@ TraceLogging::~TraceLogging()
 void
 TraceLogging::grow()
 {
- Entry* nentries = (Entry*) realloc(entries, numEntries*2*sizeof(Entry));
+ Entry* nentries = (Entry*) js_realloc(entries, numEntries*2*sizeof(Entry));
 // Allocating a bigger array failed.
 // Keep using the current storage, but remove all entries by flushing them.
@@ -142,7 +142,7 @@ TraceLogging::log(Type type, const char* text /* = nullptr */, unsigned int numb
 // Create array containing the entries if not existing.
 if (!entries) {
- entries = (Entry*) malloc(numEntries*sizeof(Entry));
+ entries = (Entry*) js_malloc(numEntries*sizeof(Entry));
 if (!entries)
 return;
 }
@@ -248,7 +248,7 @@ TraceLogging::flush()
 }
 if (entries[i].text() != nullptr) {
- free(entries[i].text());
+ js_free(entries[i].text());
 entries[i].text_ = nullptr;
 }
 }
diff --git a/js/src/assembler/assembler/AssemblerBuffer.h b/js/src/assembler/assembler/AssemblerBuffer.h
index f4edf0af2d3..6d022d6d862 100644
--- a/js/src/assembler/assembler/AssemblerBuffer.h
+++ b/js/src/assembler/assembler/AssemblerBuffer.h
@@ -70,7 +70,7 @@ namespace JSC {
 ~AssemblerBuffer()
 {
 if (m_buffer != m_inlineBuffer)
- free(m_buffer);
+ js_free(m_buffer);
 }
 void ensureSpace(int space)
@@ -222,7 +222,7 @@ namespace JSC {
 }
 if (m_buffer == m_inlineBuffer) {
- newBuffer = static_cast(malloc(newCapacity));
+ newBuffer = static_cast(js_malloc(newCapacity));
 if (!newBuffer) {
 m_size = 0;
 m_oom = true;
@@ -230,7 +230,7 @@ namespace JSC {
 }
 memcpy(newBuffer, m_buffer, m_size);
 } else {
- newBuffer = static_cast(realloc(m_buffer, newCapacity));
+ newBuffer = static_cast(js_realloc(m_buffer, newCapacity));
 if (!newBuffer) {
 m_size = 0;
 m_oom = true;
diff --git a/js/src/assembler/assembler/AssemblerBufferWithConstantPool.h b/js/src/assembler/assembler/AssemblerBufferWithConstantPool.h
index 519fc640699..bd9b4a890a4 100644
--- a/js/src/assembler/assembler/AssemblerBufferWithConstantPool.h
+++ b/js/src/assembler/assembler/AssemblerBufferWithConstantPool.h
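Review bot: `js_free(entries[i].text())` in TraceLogging::flush() only pairs correctly if the text_ pointer it releases was produced by the js_* allocator, and the line that copies the text into the entry is outside this hunk; the pre-patch code freeing it with free() suggests it may still be a strdup() result, in which case this hunk turns a consistent malloc/free pair into a mismatched one. Please check the store site in log() and switch it to js_strdup() or js_malloc() plus copy in the same commit. The entries array itself is consistent across the visible hunks: js_malloc in log(), js_realloc in grow(), js_free in the destructor.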
@@ -106,14 +106,14 @@ public:
 , m_lastConstDelta(0)
 , m_flushCount(0)
 {
- m_pool = static_cast(malloc(maxPoolSize));
- m_mask = static_cast(malloc(maxPoolSize / sizeof(uint32_t)));
+ m_pool = static_cast(js_malloc(maxPoolSize));
+ m_mask = static_cast(js_malloc(maxPoolSize / sizeof(uint32_t)));
 }
 ~AssemblerBufferWithConstantPool()
 {
- free(m_mask);
- free(m_pool);
+ js_free(m_mask);
+ js_free(m_pool);
 }
 void ensureSpace(int space)
diff --git a/js/src/builtin/Profilers.cpp b/js/src/builtin/Profilers.cpp
index c0dc3a13994..44844f1ff61 100644
--- a/js/src/builtin/Profilers.cpp
+++ b/js/src/builtin/Profilers.cpp
@@ -519,10 +519,15 @@ bool js_StartPerf()
 flags = "--call-graph";
 }
- // Split |flags| on spaces. (Don't bother to free it -- we're going to
+ char *flags2 = (char *)js_malloc(strlen(flags) + 1);
+ if (!flags2)
+ return false;
+ strcpy(flags2, flags);
+
+ // Split |flags2| on spaces. (Don't bother to free it -- we're going to
 // exec anyway.)
 char *toksave;
- char *tok = strtok_r(strdup(flags), " ", &toksave);
+ char *tok = strtok_r(flags2, " ", &toksave);
 while (tok) {
 args.append(tok);
 tok = strtok_r(nullptr, " ", &toksave);
diff --git a/js/src/jit/AsmJS.cpp b/js/src/jit/AsmJS.cpp
index fc188ef8fec..2e345c7b93a 100644
--- a/js/src/jit/AsmJS.cpp
+++ b/js/src/jit/AsmJS.cpp
@@ -1323,7 +1323,7 @@ class MOZ_STACK_CLASS ModuleCompiler
 JS_ASSERT(errorOffset_ == UINT32_MAX);
 JS_ASSERT(str);
 errorOffset_ = offset;
- errorString_ = strdup(str);
+ errorString_ = js_strdup(cx_, str);
 return false;
 }
diff --git a/js/src/jit/AsmJSModule.cpp b/js/src/jit/AsmJSModule.cpp
index e92d1af53f7..47a6c218201 100644
--- a/js/src/jit/AsmJSModule.cpp
+++ b/js/src/jit/AsmJSModule.cpp
@@ -731,9 +731,11 @@ GetCPUID(uint32_t *cpuId)
 class MachineId
 {
 uint32_t cpuId_;
- mozilla::Vector buildId_;
+ js::Vector buildId_;
 public:
+ MachineId(ExclusiveContext *cx) : buildId_(cx) {}
+
 bool extractCurrentState(ExclusiveContext *cx) {
 if (!cx->asmJSCacheOps().buildId)
 return false;
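Review bot: In js_StartPerf() the string length is computed once for the allocation and then `strcpy()` walks the string again; computing it once and copying exactly that many bytes keeps the buffer size and the copy length from ever diverging: `size_t n = strlen(flags) + 1;` then `char *flags2 = (char *)js_malloc(n);` and, after the null check, `memcpy(flags2, flags, n);`. Separately, the new `return false` on allocation failure is a path the strdup() version never had; if anything earlier in js_StartPerf (outside this hunk) has already forked or opened descriptors, that early return needs to release them.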
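Review bot: `errorString_ = js_strdup(cx_, str);` changes who must release errorString_: whatever frees it (a ModuleCompiler destructor or the error-reporting path, both outside this hunk) now has to use js_free rather than free, and the diffstat shows AsmJS.cpp carries only this one-line change, so please confirm the release site already used js_free or fix it in the same commit. A comment on the member declaration would stop the pair from drifting again: `// Owned; allocated with js_strdup(), released with js_free().`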
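Review bot: `MachineId(ExclusiveContext *cx) : buildId_(cx) {}` is a single-argument constructor and should be `explicit MachineId(ExclusiveContext *cx) : buildId_(cx) {}`; as written, an ExclusiveContext* converts silently to a MachineId wherever one is expected. The class body continues past the end of the hunk.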
@@ -913,7 +915,7 @@ js::StoreAsmJSModuleInCache(AsmJSParser &parser,
 const AsmJSStaticLinkData &linkData,
 ExclusiveContext *cx)
 {
- MachineId machineId;
+ MachineId machineId(cx);
 if (!machineId.extractCurrentState(cx))
 return;
@@ -968,7 +970,7 @@ js::LookupAsmJSModuleInCache(ExclusiveContext *cx,
 {
 int64_t usecBefore = PRMJ_Now();
- MachineId machineId;
+ MachineId machineId(cx);
 if (!machineId.extractCurrentState(cx))
 return true;
@@ -982,7 +984,7 @@ js::LookupAsmJSModuleInCache(ExclusiveContext *cx,
 const uint8_t *cursor = entry.memory;
- MachineId cachedMachineId;
+ MachineId cachedMachineId(cx);
 cursor = cachedMachineId.deserialize(cx, cursor);
 if (!cursor)
 return false;
diff --git a/js/src/jit/MIR.cpp b/js/src/jit/MIR.cpp
index b0d0784bd88..ff15b6d0fc5 100644
--- a/js/src/jit/MIR.cpp
+++ b/js/src/jit/MIR.cpp
@@ -818,7 +818,7 @@ MPhi::reserveLength(size_t length)
 {
 // Initializes a new MPhi to have an Operand vector of at least the given
 // capacity. This permits use of addInput() instead of addInputSlow(), the
- // latter of which may call realloc().
+ // latter of which may call realloc_().
 JS_ASSERT(numOperands() == 0);
 #if DEBUG
 capacity_ = length;
@@ -968,7 +968,7 @@ MPhi::addInputSlow(MDefinition *ins, bool *ptypeChange)
 uint32_t index = inputs_.length();
 bool performingRealloc = !inputs_.canAppendWithoutRealloc(1);
- // Remove all MUses from all use lists, in case realloc() moves.
+ // Remove all MUses from all use lists, in case realloc_() moves.
 if (performingRealloc) {
 for (uint32_t i = 0; i < index; i++) {
 MUse *use = &inputs_[i];
diff --git a/js/src/jit/MIR.h b/js/src/jit/MIR.h
index 49dfd59b0dc..b95e0c8230e 100644
--- a/js/src/jit/MIR.h
+++ b/js/src/jit/MIR.h
@@ -4316,7 +4316,7 @@ class MPhi MOZ_FINAL : public MDefinition, public InlineForwardListNode
 // Use only if capacity has been reserved by reserveLength
 void addInput(MDefinition *ins);
- // Appends a new input to the input vector. May call realloc().
+ // Appends a new input to the input vector. May call realloc_().
 // Prefer reserveLength() and addInput() instead, where possible.
 bool addInputSlow(MDefinition *ins, bool *ptypeChange = nullptr);
diff --git a/js/src/jsapi.h b/js/src/jsapi.h
index b7fd10b44c0..2cebd093153 100644
--- a/js/src/jsapi.h
+++ b/js/src/jsapi.h
@@ -4416,7 +4416,7 @@ typedef void
 // engine, it is critical that the buildId shall change for each new build of
 // the JS engine.
 typedef bool
-(* BuildIdOp)(mozilla::Vector *buildId);
+(* BuildIdOp)(js::Vector *buildId);
 struct AsmJSCacheOps
 {
diff --git a/js/src/jsprf.cpp b/js/src/jsprf.cpp
index 9f7e35cad6f..43dd8b5dfa7 100644
--- a/js/src/jsprf.cpp
+++ b/js/src/jsprf.cpp
@@ -370,7 +370,7 @@ cvt_ws(SprintfState *ss, const jschar *ws, int width, int prec, int flags)
 int result;
 /*
 * Supply nullptr as the JSContext; errors are not reported,
- * and malloc() is used to allocate the buffer buffer.
+ * and js_malloc() is used to allocate the buffer.
 */
 if (ws) {
 size_t wslen = js_strlen(ws);
@@ -445,7 +445,7 @@ static struct NumArgState* BuildArgArray( const char *fmt, va_list ap, int* rv,
 if( number > NAS_DEFAULT_NUM ){
- nas = (struct NumArgState*)malloc( number * sizeof( struct NumArgState ) );
+ nas = (struct NumArgState*)js_malloc( number * sizeof( struct NumArgState ) );
 if( !nas ){
 *rv = -1;
 return nullptr;
@@ -1040,7 +1040,7 @@ JS_PUBLIC_API(uint32_t) JS_vsxprintf(JSStuffFunc func, void *arg,
 }
 /*
-** Stuff routine that automatically grows the malloc'd output buffer
+** Stuff routine that automatically grows the js_malloc'd output buffer
 ** before it overflows.
 */
 static int GrowStuff(SprintfState *ss, const char *sp, uint32_t len)
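Review bot: Changing the public `BuildIdOp` typedef in jsapi.h from mozilla::Vector to js::Vector is a source-incompatible change for every embedder that installs an AsmJSCacheOps::buildId callback, and the hunk adds no text saying so. The comment block above the typedef (it starts outside the hunk) should state the parameter type the callback now receives and that the vector is owned and constructed by the engine (presumably with its allocation policy, as MachineId's `buildId_(cx)` in AsmJSModule.cpp suggests), so the callback appends to it and never frees or replaces its storage.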
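Review bot: `nas = (struct NumArgState*)js_malloc( number * sizeof( struct NumArgState ) );` in BuildArgArray is the only non-comment change in jsprf.cpp (the diffstat lists four changed lines and the other three are comment fixes), so the site that releases `nas` is untouched by this commit and must already be js_free, otherwise this hunk creates a js_malloc/free mismatch. Please confirm that, and add a comment at the allocation naming the deallocator so the pair stays visible: `/* Paired with js_free(), not free(). */`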
@@ -1073,7 +1073,7 @@ static int GrowStuff(SprintfState *ss, const char *sp, uint32_t len)
 }
 /*
-** sprintf into a malloc'd buffer
+** sprintf into a js_malloc'd buffer
 */
 JS_PUBLIC_API(char *) JS_smprintf(const char *fmt, ...)
 {
diff --git a/js/src/shell/js.cpp b/js/src/shell/js.cpp
index 5a6a07e29b8..7e15bd8e803 100644
--- a/js/src/shell/js.cpp
+++ b/js/src/shell/js.cpp
@@ -291,7 +291,7 @@ GetLine(FILE *file, const char * prompt)
 }
 if (len + 1 == size) {
 size = size * 2;
- char *tmp = (char *) realloc(buffer, size);
+ char *tmp = (char *) js_realloc(buffer, size);
 if (!tmp) {
 free(buffer);
 return nullptr;
@@ -336,7 +336,7 @@ NewContextData()
 return nullptr;
 JSShellContextData *data = (JSShellContextData *)
- calloc(sizeof(JSShellContextData), 1);
+ js_calloc(sizeof(JSShellContextData), 1);
 if (!data)
 return nullptr;
 data->startTime = PRMJ_Now();
@@ -5169,12 +5169,12 @@ ShellCloseAsmJSCacheEntryForWrite(HandleObject global, size_t serializedSize, ui
 }
 static bool
-ShellBuildId(mozilla::Vector *buildId)
+ShellBuildId(js::Vector *buildId)
 {
 // The browser embeds the date into the buildid and the buildid is embedded
 // in the binary, so every 'make' necessarily builds a new firefox binary.
 // Fortunately, the actual firefox executable is tiny -- all the code is in
- // libxul.so and other shared modules -- so this isn't a big deal. No so
+ // libxul.so and other shared modules -- so this isn't a big deal. Not so
 // for the statically-linked JS shell. To avoid recompmiling js.cpp and
 // re-linking 'js' on every 'make', we use a constant buildid and rely on
 // the shell user to manually clear the cache (deleting the dir passed to
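Review bot: The header comment on JS_smprintf() now names the allocator but not the deallocator, and since this is a JS_PUBLIC_API function the callers who will get the pairing wrong are embedders who never see js_malloc. Say what they must call instead: `** sprintf into a js_malloc'd buffer; release it with the engine's free (js_free or its public wrapper), never free().`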
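Review bot: The failure path in GetLine() is now internally inconsistent: `char *tmp = (char *) js_realloc(buffer, size);` is immediately followed by `free(buffer);` on the same pointer, and the initial allocation and final release of `buffer` are outside this hunk and, per the diffstat (js.cpp has four changed lines: this one, NewContextData, and two in ShellBuildId), were not changed. Either keep plain realloc() here so the whole function stays malloc-family, or move the entire function to js_malloc/js_realloc/js_free, which is only safe if no path hands back a buffer from another allocator (for example an editline/readline result, if that build path exists). If buffer is js_malloc'd, the in-hunk minimum is `js_free(buffer);` on the failure path; GetLine's body continues outside the hunk.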