Bug 1267557 part 1 - Also poison bytes allocated before the actual jitcode. r=nbp

2016-04-28 13:38:10 +02:00 · 2016-04-28 13:38:10 +02:00 · bb1f9f8372
--- a/js/src/jit/Ion.cpp
+++ b/js/src/jit/Ion.cpp
@ -815,8 +815,11 @@ JitCode::finalize(FreeOp* fop)
    // With W^X JIT code, reprotecting memory for each JitCode instance is
    // slow, so we record the ranges and poison them later all at once. It's
    // safe to ignore OOM here, it just means we won't poison the code.
-    if (fop->appendJitPoisonRange(JitPoisonRange(pool_, code_, bufferSize_)))
+    if (fop->appendJitPoisonRange(JitPoisonRange(pool_, code_ - headerSize_,
+                                                 headerSize_ + bufferSize_)))
+    {
        pool_->addRef();
+    }
    code_ = nullptr;

    // Code buffers are stored inside ExecutablePools. Pools are refcounted.