Bug 1341596 (Closed)
Opened 9 years ago; closed 9 years ago
Nursery::init leaves mallocedBuffers uninitialised if nursery size is small
Categories: Core :: JavaScript: GC, defect
Status: RESOLVED FIXED
People: Reporter: jonco, Assigned: jonco
Attachments (1 file): 1.43 KB, patch; jandem: review+
As found in bug 1341026.
When creating the nursery we return early if the size requested is less than a chunk. This leaves mallocedBuffers uninitialised, which can cause problems later on when it's used via NativeObject::shrinkSlots / FreeSlots / Nursery::freeBuffer.
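As an added illustration (not SpiderMonkey code, and not the attached patch): a constructed C++ model of the ordering bug described above and of the fix that initialises the bookkeeping structures before the early return. `MallocedBufferSet`, `kChunkSize` and the `NurseryBefore`/`NurseryAfter` structs are hypothetical stand-ins; in particular the set reports "used before init" as a status code so the failure is observable, whereas a real container would assert or read uninitialised memory.

```cpp
#include <cstddef>
#include <cstdlib>
#include <vector>

// Hypothetical stand-in for a hash set that must be init()'d before use.
// Not the real SpiderMonkey container: it models the "touched before init"
// state explicitly so the bug can be observed instead of being undefined.
class MallocedBufferSet {
  bool initialised_ = false;
  std::vector<void*> items_;
 public:
  bool init() { initialised_ = true; return true; }
  bool initialised() const { return initialised_; }
  // Returns false if used before init (the real code would assert/crash).
  bool put(void* p) {
    if (!initialised_) return false;
    items_.push_back(p);
    return true;
  }
  // -1: used before init; 1: found and removed; 0: buffer was not registered.
  int remove(void* p) {
    if (!initialised_) return -1;
    for (auto it = items_.begin(); it != items_.end(); ++it) {
      if (*it == p) { items_.erase(it); return 1; }
    }
    return 0;
  }
};

const size_t kChunkSize = 256 * 1024;  // assumed chunk size for the example

// Before the fix: a sub-chunk nursery returns early before the set is set up.
struct NurseryBefore {
  MallocedBufferSet mallocedBuffers;
  size_t numChunks = 0;
  bool init(size_t maxNurseryBytes) {
    if (maxNurseryBytes < kChunkSize) return true;  // BUG: set never init()'d
    if (!mallocedBuffers.init()) return false;
    numChunks = maxNurseryBytes / kChunkSize;       // rest of the setup
    return true;
  }
  // Mirrors the free path named in the report: drop the entry, then free.
  int freeBuffer(void* buffer) {
    int status = mallocedBuffers.remove(buffer);
    free(buffer);
    return status;
  }
};

// After the fix: initialise data structures first, then return early.
struct NurseryAfter {
  MallocedBufferSet mallocedBuffers;
  size_t numChunks = 0;
  bool init(size_t maxNurseryBytes) {
    if (!mallocedBuffers.init()) return false;
    if (maxNurseryBytes < kChunkSize) return true;  // safe: set already usable
    numChunks = maxNurseryBytes / kChunkSize;
    return true;
  }
  bool registerMallocedBuffer(void* buffer) { return mallocedBuffers.put(buffer); }
  int freeBuffer(void* buffer) {
    int status = mallocedBuffers.remove(buffer);
    free(buffer);
    return status;
  }
};

// Drive both variants with a nursery smaller than one chunk (4 KiB here).
// Returns the status the set reported: -1 means it was used before init.
int freeOnSmallNurseryBefore() {
  NurseryBefore n;
  n.init(4096);
  return n.freeBuffer(malloc(16));
}

int freeOnSmallNurseryAfter() {
  NurseryAfter n;
  n.init(4096);
  return n.freeBuffer(malloc(16));  // 0: nothing registered, but no misuse
}

int registerThenFreeAfter() {
  NurseryAfter n;
  n.init(4096);
  void* buf = malloc(16);
  n.registerMallocedBuffer(buf);
  return n.freeBuffer(buf);  // 1: entry found and removed
}
```

The fix is purely an ordering change: anything a later free path may touch must be valid before any early return in the constructor-like `init`, because callers of `freeBuffer` have no way to tell which branch `init` took.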
Comment 1 (Assignee) • 9 years ago
Initialise nursery data structures first before returning early if the nursery size is zero. This prevents FreeSlots / Nursery::removeMallocedBuffer from attempting to use mallocedBuffers before it has been initialised.
Assignee: nobody → jcoppeard
Attachment #8857427 - Flags: review?(jdemooij)
Comment 2 • 9 years ago
Comment on attachment 8857427 [details] [diff] [review]
bug1341026-nursery-init
Review of attachment 8857427 [details] [diff] [review]:
-----------------------------------------------------------------
LGTM.
Attachment #8857427 - Flags: review?(jdemooij) → review+
Comment 3 (Assignee) • 9 years ago
I landed this patch with the wrong bug number (bug 1341026, where this originally came from). This is fixed now.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED