From 3969a194bdef22489606da25c0b0e872fe636ad8 Mon Sep 17 00:00:00 2001
From: "Nicolas B. Pierron"
Date: Mon, 17 Aug 2015 10:43:54 +0200
Subject: [PATCH] Bug 1178033 - XDRBuffer: Replace isUint32Overflow by a simple check of the capacity max. r=luke
---
 js/src/vm/Xdr.cpp | 11 +++++++----
 js/src/vm/Xdr.h | 4 ----
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/js/src/vm/Xdr.cpp b/js/src/vm/Xdr.cpp
index f77deee3ede2..ce0eb8125d69 100644
--- a/js/src/vm/Xdr.cpp
+++ b/js/src/vm/Xdr.cpp
@@ -30,16 +30,19 @@ XDRBuffer::grow(size_t n)
 MOZ_ASSERT(n > size_t(limit - cursor));
 const size_t MIN_CAPACITY = 8192;
+ const size_t MAX_CAPACITY = size_t(INT32_MAX) + 1;
 size_t offset = cursor - base;
- size_t newCapacity = mozilla::RoundUpPow2(offset + n);
- if (newCapacity < MIN_CAPACITY)
- newCapacity = MIN_CAPACITY;
- if (isUint32Overflow(newCapacity)) {
+ MOZ_ASSERT(offset <= MAX_CAPACITY);
+ if (n > MAX_CAPACITY - offset) {
 js::gc::AutoSuppressGC suppressGC(cx());
 JS_ReportErrorNumber(cx(), GetErrorMessage, nullptr, JSMSG_TOO_BIG_TO_ENCODE);
 return false;
 }
+ size_t newCapacity = mozilla::RoundUpPow2(offset + n);
+ if (newCapacity < MIN_CAPACITY)
+ newCapacity = MIN_CAPACITY;
+ MOZ_ASSERT(newCapacity <= MAX_CAPACITY);
 void* data = js_realloc(base, newCapacity);
 if (!data) {
 ReportOutOfMemory(cx());
diff --git a/js/src/vm/Xdr.h b/js/src/vm/Xdr.h
index 10e9422d87ad..1691c11a5681 100644
--- a/js/src/vm/Xdr.h
+++ b/js/src/vm/Xdr.h
@@ -85,10 +85,6 @@ class XDRBuffer {
 return ptr;
 }
- static bool isUint32Overflow(size_t n) {
- return size_t(-1) > size_t(UINT32_MAX) && n > size_t(UINT32_MAX);
- }
-
 void freeBuffer();
 private:
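Review bot: In the js/src/vm/Xdr.cpp hunk, the unsigned subtraction `MAX_CAPACITY - offset` is safe only while `offset <= MAX_CAPACITY`, and that precondition is enforced just by `MOZ_ASSERT`, which is compiled out of release builds. If some other path ever leaves `cursor - base` above the limit (not visible from this hunk, so hedged), the difference wraps to a huge value, the guard passes, and `offset + n` reaches `RoundUpPow2` and `js_realloc` unchecked. Folding the precondition into the runtime test keeps that case on the JSMSG_TOO_BIG_TO_ENCODE path: `if (offset > MAX_CAPACITY || n > MAX_CAPACITY - offset) {`. A short comment on `MAX_CAPACITY` stating why the cap is 2^31 rather than the previous UINT32_MAX bound would also help the next reader. XDRBuffer::grow starts and ends outside the hunk, so how `cursor` and `limit` are updated after the realloc could not be checked here.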