From c1242e255e0edcf65073dc56c24692f46fd92d01 Mon Sep 17 00:00:00 2001
From: "Nicolas B. Pierron" <nicolas.b.pierron@mozilla.com>
Date: Wed, 15 Jun 2016 16:27:18 +0000
Subject: [PATCH] Bug 1264948 - MBasicBlock::addPredecessor, check for OOMs
 when allocating Phi nodes. r=h4writer

---
 js/src/jit/MIR.h        | 3 +++
 js/src/jit/MIRGraph.cpp | 6 ++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/js/src/jit/MIR.h b/js/src/jit/MIR.h
index 52f1f14d78a2..eedcb3926a91 100644
--- a/js/src/jit/MIR.h
+++ b/js/src/jit/MIR.h
@@ -7548,6 +7548,9 @@ class MPhi final
     static MPhi* New(TempAllocator& alloc, MIRType resultType = MIRType::Value) {
         return new(alloc) MPhi(alloc, resultType);
     }
+    static MPhi* New(TempAllocator::Fallible alloc, MIRType resultType = MIRType::Value) {
+        return new(alloc) MPhi(alloc.alloc, resultType);
+    }
 
     void removeOperand(size_t index);
     void removeAllOperands();
diff --git a/js/src/jit/MIRGraph.cpp b/js/src/jit/MIRGraph.cpp
index 76d95e53c174..9d431fa802be 100644
--- a/js/src/jit/MIRGraph.cpp
+++ b/js/src/jit/MIRGraph.cpp
@@ -1193,9 +1193,11 @@ MBasicBlock::addPredecessorPopN(TempAllocator& alloc, MBasicBlock* pred, uint32_
                 // Otherwise, create a new phi node.
                 MPhi* phi;
                 if (mine->type() == other->type())
-                    phi = MPhi::New(alloc, mine->type());
+                    phi = MPhi::New(alloc.fallible(), mine->type());
                 else
-                    phi = MPhi::New(alloc);
+                    phi = MPhi::New(alloc.fallible());
+                if (!phi)
+                    return false;
                 addPhi(phi);
 
                 // Prime the phi for each predecessor, so input(x) comes from