From c77388a279144d0d53a58d0900f5ccad5a2e2022 Mon Sep 17 00:00:00 2001
From: Shu-yu Guo
Date: Tue, 19 Apr 2016 19:44:00 +0200
Subject: [PATCH] Bug 1263862 - Fix OOM case in ScopeIter::settle. r=jandem
---
 js/src/jit-test/tests/gc/bug-1263862.js | 6 ++++++
 js/src/vm/ScopeObject.cpp | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 js/src/jit-test/tests/gc/bug-1263862.js
diff --git a/js/src/jit-test/tests/gc/bug-1263862.js b/js/src/jit-test/tests/gc/bug-1263862.js
new file mode 100644
index 000000000000..1b904d34c7a7
--- /dev/null
+++ b/js/src/jit-test/tests/gc/bug-1263862.js
@@ -0,0 +1,6 @@
+function loadFile(lfVarx) {
+ oomTest(() => eval(lfVarx));
+}
+for (var i = 0; i < 10; ++i) {
+ loadFile(`"use strict"; const s = () => s;`);
+}
diff --git a/js/src/vm/ScopeObject.cpp b/js/src/vm/ScopeObject.cpp
index 6dc765b37443..e8a446f83f23 100644
--- a/js/src/vm/ScopeObject.cpp
+++ b/js/src/vm/ScopeObject.cpp
@@ -1459,8 +1459,8 @@ ScopeIter::settle()
 // function frame case above, if the script starts with a lexical
 // block, the SSI could see 2 block scopes here. So skip between 1-2
 // static block scopes here.
- MOZ_ASSERT(ssi_.type() == StaticScopeIter::Block);
- incrementStaticScopeIter();
+ if (ssi_.type() == StaticScopeIter::Block)
+ incrementStaticScopeIter();
 if (ssi_.type() == StaticScopeIter::Block)
 incrementStaticScopeIter();
 MOZ_ASSERT(ssi_.type() == StaticScopeIter::Eval);
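Review bot: `oomTest` is called unconditionally inside `loadFile`, so in a shell built without the OOM-testing hooks this test would presumably fail with a ReferenceError instead of being skipped. A guard as the first line, `if (!('oomTest' in this)) quit();`, keeps the regression test meaningful on builds that can simulate allocation failure and silent elsewhere. A short header comment saying that the strict-mode `const s = () => s;` eval is the input that reached the failing path in `ScopeIter::settle` would also help the next reader, since the generic names `loadFile`/`lfVarx` say nothing about intent.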
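Review bot: The context comment kept above the two `if` statements still says "skip between 1-2 static block scopes here", but with the first increment now conditional the code accepts zero block scopes as well, and nothing in the hunk says why that is legitimate. The subject line attributes it to an OOM path, so the comment should say so, for example `// Skip 0-2 static block scopes; zero happens when OOM interrupts scope setup (bug 1263862).` with the exact condition filled in by the author. Without that, the two identical back-to-back `if (ssi_.type() == StaticScopeIter::Block)` checks read like an accidental duplication. Note also that the only remaining invariant check is the trailing `MOZ_ASSERT(ssi_.type() == StaticScopeIter::Eval);`, which is compiled out of release builds, so it is worth confirming that the code following it tolerates a non-Eval scope; `settle()` begins and continues outside the hunk.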