64-bit fixes for problems reported by edwin@cheatah.nl (many thanks to Edwin; 410941, r=igor).

2008-01-07 00:41:06 -08:00 · 2008-01-07 00:41:06 -08:00 · 960c2fb3f2
--- a/js/src/jsarray.c
+++ b/js/src/jsarray.c
@ -1101,10 +1101,12 @@ array_sort(JSContext *cx, uintN argc, jsval *vp)
     * overflow size_t, which would allow for indexing beyond the end of the
     * malloc'd vector.
     */
-    if (len > (size_t) -1 / (2 * sizeof(jsval))) {
+#if JS_BITS_PER_WORD == 32
+    if ((size_t)len > ~(size_t)0 / (2 * sizeof(jsval))) {
        JS_ReportOutOfMemory(cx);
        return JS_FALSE;
    }
+#endif
    vec = (jsval *) JS_malloc(cx, 2 * (size_t) len * sizeof(jsval));
    if (!vec)
        return JS_FALSE;
@ -1203,11 +1205,13 @@ array_sort(JSContext *cx, uintN argc, jsval *vp)
             * realloc only when we know that we successfully converted all
             * the elements.
             */
-            if (newlen > (size_t) -1 / (4 * sizeof(jsval))) {
+#if JS_BITS_PER_WORD == 32
+            if ((size_t)newlen > ~(size_t)0 / (4 * sizeof(jsval))) {
                JS_ReportOutOfMemory(cx);
                ok = JS_FALSE;
                goto out;
            }
+#endif

            /*
             * Rearrange and string-convert the elements of the vector from
--- a/js/src/jscntxt.h
+++ b/js/src/jscntxt.h
@ -556,7 +556,7 @@ JS_STATIC_ASSERT(sizeof(JSTempValueUnion) == sizeof(JSObject *));

 #define JS_PUSH_TEMP_ROOT(cx,cnt,arr,tvr)                                     \
    JS_BEGIN_MACRO                                                            \
-        JS_ASSERT((ptrdiff_t)(cnt) >= 0);                                     \
+        JS_ASSERT((int)(cnt) >= 0);                                           \
        (tvr)->count = (ptrdiff_t)(cnt);                                      \
        (tvr)->u.array = (arr);                                               \
        JS_PUSH_TEMP_ROOT_COMMON(cx, tvr);                                    \
--- a/js/src/jsgc.c
+++ b/js/src/jsgc.c
@ -260,7 +260,7 @@ static JSBool js_gcUseMmap = JS_FALSE;

 #define ARENA_START_TO_INFO(arenaStart)                                       \
    (JS_ASSERT(((arenaStart) & (jsuword) GC_ARENA_MASK) == 0),                \
-     (JSGCArenaInfo *) ((arenaStart) + ARENA_INFO_OFFSET))
+     (JSGCArenaInfo *) ((arenaStart) + (jsuword) ARENA_INFO_OFFSET))

 #define ARENA_INFO_TO_START(arena)                                            \
    (JS_ASSERT(IS_ARENA_INFO_ADDRESS(arena)),                                 \
@ -268,7 +268,7 @@ static JSBool js_gcUseMmap = JS_FALSE;

 #define ARENA_PAGE_TO_INFO(arenaPage)                                         \
    (JS_ASSERT(arenaPage != 0),                                               \
-     JS_ASSERT(((arenaPage) >> (JS_BITS_PER_WORD - GC_ARENA_SHIFT)) == 0),    \
+     JS_ASSERT(!((jsuword)(arenaPage) >> (JS_BITS_PER_WORD-GC_ARENA_SHIFT))), \
     ARENA_START_TO_INFO((arenaPage) << GC_ARENA_SHIFT))

 #define ARENA_INFO_TO_PAGE(arena)                                             \
--- a/js/src/jsxml.c
+++ b/js/src/jsxml.c
@ -1069,7 +1069,10 @@ XMLArraySetCapacity(JSContext *cx, JSXMLArray *array, uint32 capacity)
            free(array->vector);
        vector = NULL;
    } else {
-        if ((size_t)capacity > ~(size_t)0 / sizeof(void *) ||
+        if (
+#if JS_BITS_PER_WORD == 32
+            (size_t)capacity > ~(size_t)0 / sizeof(void *) ||
+#endif
            !(vector = (void **)
                       realloc(array->vector, capacity * sizeof(void *)))) {
            if (cx)
@ -1164,7 +1167,10 @@ XMLArrayAddMember(JSContext *cx, JSXMLArray *array, uint32 index, void *elt)
                JS_CEILING_LOG2(log2, capacity);
                capacity = JS_BIT(log2);
            }
-            if ((size_t)capacity > ~(size_t)0 / sizeof(void *) ||
+            if (
+#if JS_BITS_PER_WORD == 32
+                (size_t)capacity > ~(size_t)0 / sizeof(void *) ||
+#endif
                !(vector = (void **)
                           realloc(array->vector, capacity * sizeof(void *)))) {
                JS_ReportOutOfMemory(cx);