From 1208fb1470f5adc3c317c5386b8b8acba7324c6d Mon Sep 17 00:00:00 2001 From: "Nicolas B. Pierron" Date: Thu, 11 Feb 2016 17:50:53 +0000 Subject: [PATCH] Bug 1245162 - Ensure enough ballast space in ValueNumberer::visitBlock. r=sunfish --- js/src/jit/ValueNumbering.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/js/src/jit/ValueNumbering.cpp b/js/src/jit/ValueNumbering.cpp index bb09614b80c5..6acaa311e151 100644 --- a/js/src/jit/ValueNumbering.cpp +++ b/js/src/jit/ValueNumbering.cpp @@ -949,6 +949,8 @@ ValueNumberer::visitBlock(MBasicBlock* block, const MBasicBlock* dominatorRoot) // Visit the definitions in the block top-down. MOZ_ASSERT(nextDef_ == nullptr); for (MDefinitionIterator iter(block); iter; ) { + if (!graph_.alloc().ensureBallast()) + return nullptr; MDefinition* def = *iter++; // Remember where our iterator is so that we don't invalidate it.