Bug 1336054: Add allocation check in wasmTextToBinary's ParseBlock; r?luke
MozReview-Commit-ID: 2Wkg8SMy6RT
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/wasm/regress/oom-wasmtexttobinary-block.js
@@ -0,0 +1,8 @@
+if (typeof oomTest === 'undefined')
+ quit();
+
+try {
+ oomTest((function () {
+ wasmTextToBinary("(module(func(loop $label1 $label0)))");
+ }));
+} catch(e) { }
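Review bot: The empty `catch(e) { }` around the `oomTest(...)` call discards every exception, so a harness error or any failure unrelated to memory exhaustion would let this regression test pass without exercising the allocation path in ParseBlock. If the wrapper is only left over from test-case reduction, the call can stand on its own as `oomTest(() => wasmTextToBinary("(module(func(loop $label1 $label0)))"));`. Otherwise a one-line comment naming the exception that is expected here would make the intent reviewable. A comment saying that the two labels on `loop` are what reach the second AstBlock allocation (judging from the `otherName` branch in the C++ change) would also help whoever has to maintain this test when the text format changes.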
--- a/js/src/wasm/WasmTextToBinary.cpp
+++ b/js/src/wasm/WasmTextToBinary.cpp
@@ -1614,16 +1614,18 @@ ParseBlock(WasmParseContext& c, Op op, b
if (!inParens) {
if (!c.ts.match(WasmToken::End, c.error))
return nullptr;
if (!MaybeMatchName(c, name))
return nullptr;
}
AstBlock* result = new(c.lifo) AstBlock(op, type, name, Move(exprs));
+ if (!result)
+ return nullptr;
if (op == Op::Loop && !otherName.empty()) {
if (!exprs.append(result))
return nullptr;
result = new(c.lifo) AstBlock(Op::Block, type, otherName, Move(exprs));
}
return result;
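Review bot: The second `new(c.lifo) AstBlock(Op::Block, ...)` in the `Op::Loop` branch is still unchecked, and it is safe only because its value goes straight to `return result;` with no use in between. A short comment above that assignment, such as `// May be null on OOM; returned to the caller unchanged.`, would keep a later edit from inserting a dereference there. The same branch calls `exprs.append(result)` after `exprs` was already passed through `Move(exprs)` for the first allocation, which presumably relies on the moved-from vector being left empty and usable; that assumption deserves its own comment, for example `// exprs was moved from above and is reused here as a fresh list.` ParseBlock begins before this hunk and its closing brace lies after it, so how callers treat the nullptr return is not visible here.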