Closed
Bug 989613
Opened 10 years ago
Closed 10 years ago
OOM: Check oom of SnapshotWriter::allocWriter_
Categories
(Core :: JavaScript Engine: JIT, defect)
Core
JavaScript Engine: JIT
Tracking
()
RESOLVED
FIXED
mozilla31
| Tracking | Status | |
|---|---|---|
| firefox28 | --- | unaffected |
| firefox29 | --- | unaffected |
| firefox30 | --- | unaffected |
| firefox31 | --- | fixed |
| firefox-esr24 | --- | unaffected |
| b2g-v1.2 | --- | unaffected |
| b2g-v1.3 | --- | unaffected |
| b2g-v1.4 | --- | unaffected |
| b2g-v2.0 | --- | fixed |
People
(Reporter: nbp, Assigned: nbp)
References
Details
(Keywords: sec-low, Whiteboard: [qa-])
Attachments
(1 file)
|
906 bytes,
patch
|
h4writer
:
review+
|
Details | Diff | Splinter Review |
Bug 962555 part 5 adds a new CompactBufferWriter, but the oom method of SnapshotWriter was not updated.
Attachment #8398931 -
Flags: review?(hv1989)
|
||
Comment 1•10 years ago
|
||
Comment on attachment 8398931 [details] [diff] [review] Add oom checks Review of attachment 8398931 [details] [diff] [review]: ----------------------------------------------------------------- Good find! Sorry I overlooked this when reviewing part 5. ::: js/src/jit/Snapshots.h @@ +340,5 @@ > void endSnapshot(); > > bool oom() const { > + return writer_.oom() || writer_.length() >= MAX_BUFFER_SIZE > + || allocWriter_.oom() || allocWriter_.length() >= MAX_BUFFER_SIZE; Style nit: the || should be on the previous line.
Attachment #8398931 -
Flags: review?(hv1989) → review+
|
Assignee | |
Comment 2•10 years ago
|
||
The problem appears with changeset 69bc4df5ede5 which is only on nightly for the moment.
status-firefox30:
--- → unaffected
status-firefox31:
--- → affected
|
|
Assignee | |
Comment 3•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/59c24af38f64
|
||
Comment 4•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/59c24af38f64
Assignee: nobody → nicolas.b.pierron
Status: NEW → RESOLVED
Closed: 10 years ago
status-b2g-v1.2:
--- → unaffected
status-b2g-v1.3:
--- → unaffected
status-b2g-v1.4:
--- → unaffected
status-b2g-v2.0:
--- → fixed
status-firefox28:
--- → unaffected
status-firefox29:
--- → unaffected
status-firefox-esr24:
--- → unaffected
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
|
||
Updated•10 years ago
|
Group: javascript-core-security → core-security
|
||
Comment 5•10 years ago
|
||
Marking [qa-] due to lack of test or STR. If you would like verification, please feel free to provide something to test with. Thank you.
Whiteboard: [qa-]
|
||
Updated•9 years ago
|
Group: core-security → core-security-release
|
|
||
Updated•8 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•