Bug 1352449 - JSErrorReport::initBorrowedLinebuf should be called with aligned pointer for char16_t. r=arai

2017-03-31 08:15:47 -07:00 · 2017-03-31 08:15:47 -07:00 · f8cc0820ce
--- a/js/src/jsexn.cpp
+++ b/js/src/jsexn.cpp
@ -209,8 +209,13 @@ ErrorObject::classes[JSEXN_ERROR_LIMIT] = {
 size_t
 ExtraMallocSize(JSErrorReport* report)
 {
-    if (report->linebuf())
-        return (report->linebufLength() + 1) * sizeof(char16_t);
+    if (report->linebuf()) {
+        /*
+         * Count with null terminator and alignment.
+         * See CopyExtraData for the details about alignment.
+         */
+        return (report->linebufLength() + 1) * sizeof(char16_t) + 1;
+    }

    return 0;
 }
@ -225,6 +230,13 @@ bool
 CopyExtraData(JSContext* cx, uint8_t** cursor, JSErrorReport* copy, JSErrorReport* report)
 {
    if (report->linebuf()) {
+        /*
+         * Make sure cursor is properly aligned for char16_t for platforms
+         * which need it.
+         */
+        if (size_t(*cursor) % 2)
+            (*cursor)++;
+
        size_t linebufSize = (report->linebufLength() + 1) * sizeof(char16_t);
        const char16_t* linebufCopy = (const char16_t*)(*cursor);
        js_memcpy(*cursor, report->linebuf(), linebufSize);