wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 502832 - TM: Crash [@ memcpy]. r=graydon.

Browse Source 
--HG--
extra : rebase_source : 2b58bcfbba855e12b0e24ac6d423f4c1621cea12
This commit is contained in:
Jason Orendorff 2009-07-14 17:45:01 -05:00
parent ab59c893c4
commit d3f1ccb6c5
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
js/src/jstracer.cpp
View File

@ -2879,7 +2879,9 @@ TraceRecorder::snapshot(ExitType exitType)
/* Capture the type map into a temporary location. */
unsigned ngslots = treeInfo->globalSlots->length();
unsigned typemap_size = (stackSlots + ngslots) * sizeof(JSTraceType);
JSTraceType* typemap = (JSTraceType*)alloca(typemap_size);
void *mark = JS_ARENA_MARK(&cx->tempPool);
JSTraceType* typemap;
JS_ARENA_ALLOCATE_CAST(typemap, JSTraceType*, &cx->tempPool, typemap_size);
/*
* Determine the type of a store by looking at the current type of the
@ -2927,6 +2929,7 @@ TraceRecorder::snapshot(ExitType exitType)
ngslots == e->numGlobalSlots &&
!memcmp(getFullTypeMap(exits[n]), typemap, typemap_size)) {
AUDIT(mergedLoopExits);
JS_ARENA_RELEASE(&cx->tempPool, mark);
return e;
}
}
@ -2943,6 +2946,7 @@ TraceRecorder::snapshot(ExitType exitType)
*/
stackSlots = 0;
ngslots = 0;
typemap_size = 0;
trashSelf = true;
}
@ -2968,6 +2972,8 @@ TraceRecorder::snapshot(ExitType exitType)
exit->nativeCalleeWord = 0;
exit->lookupFlags = js_InferFlags(cx, 0);
memcpy(getFullTypeMap(exit), typemap, typemap_size);
JS_ARENA_RELEASE(&cx->tempPool, mark);
return exit;
}