From 9cb6c17ff5c316a96d5d8a99b7496ad72acb2a7d Mon Sep 17 00:00:00 2001
From: Benjamin Bouvier
Date: Tue, 24 Nov 2015 19:35:19 +0100
Subject: [PATCH] Bug 1227642: Make data a ScopedJSFreePtr in js::detail::CopyScript to ensure it doesn't leak; r=jonco
--HG--
extra : rebase_source : ccf4034cc9a0770f9af9391be72ef211a6d71edd
extra : amend_source : 08542020a95717fcc1552755ddeba46ecc79b702
---
 js/src/jsscript.cpp | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/js/src/jsscript.cpp b/js/src/jsscript.cpp
index 148a20d2726a..693f2fdf2e82 100644
--- a/js/src/jsscript.cpp
+++ b/js/src/jsscript.cpp
@@ -2820,9 +2820,9 @@ JSScript::partiallyInit(ExclusiveContext* cx, HandleScript script, uint32_t ncon
 }
 if (script->bindings.count() != 0) {
- // Make sure bindings are sufficiently aligned.
- cursor = reinterpret_cast
- (JS_ROUNDUP(reinterpret_cast(cursor), JS_ALIGNMENT_OF(Binding)));
+ // Make sure bindings are sufficiently aligned.
+ cursor = reinterpret_cast
+ (JS_ROUNDUP(reinterpret_cast(cursor), JS_ALIGNMENT_OF(Binding)));
 }
 cursor = script->bindings.switchToScriptStorage(reinterpret_cast(cursor));
@@ -3400,7 +3400,7 @@ js::detail::CopyScript(JSContext* cx, HandleObject scriptStaticScope, HandleScri
 /* Script data */
 size_t size = src->dataSize();
- uint8_t* data = AllocScriptData(cx->zone(), size);
+ ScopedJSFreePtr data(AllocScriptData(cx->zone(), size));
 if (size && !data) {
 ReportOutOfMemory(cx);
 return false;
@@ -3499,9 +3499,9 @@ js::detail::CopyScript(JSContext* cx, HandleObject scriptStaticScope, HandleScri
 dst->bindings = bindings;
 /* This assignment must occur before all the Rebase calls. */
- dst->data = data;
+ dst->data = data.forget();
 dst->dataSize_ = size;
- memcpy(data, src->data, size);
+ memcpy(dst->data, src->data, size);
 /* Script filenames, bytecodes and atoms are runtime-wide. */
 dst->setCode(src->code());
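Review bot: The new `data` declaration in the CopyScript hunk at line 3400 carries the whole point of the commit but says nothing about ownership, so a later edit could reintroduce a raw pointer or a second free. I would add a comment above it such as `// Scoped: freed on any early return until ownership moves to dst->data below.` The `if (size && !data)` check suggests a null buffer is accepted when `size` is 0, which is worth stating in the same comment. CopyScript's body starts before and continues past this hunk, so the early-return paths being protected are not visible here.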
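Review bot: `memcpy(dst->data, src->data, size)` in the hunk at line 3499 still runs when `size` is 0, and the earlier `if (size && !data)` check implies `dst->data` (and presumably `src->data`) can be null in that case; passing a null pointer to memcpy is undefined behaviour even for a zero length. Guarding it as `if (size) memcpy(dst->data, src->data, size);` removes the dependency on how the library and optimizer treat that call. Separately, after `data.forget()` the local `data` is null, so any remaining use of `data` further down the function, outside this hunk, would need to switch to `dst->data` as the memcpy did.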