Mercurial > mozreview > gecko / changeset / 4e9c85c796cea0cc90e0b68f24c697ed5d8b0ea8
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1392181 - part1: nsTextFragment::SetTo() shouldn't use CheckedInt r?smaug draft
authorMasayuki Nakano <masayuki@d-toybox.com>
Mon, 21 Aug 2017 17:23:41 +0900 (2017-08-21)
changeset 650461 4e9c85c796cea0cc90e0b68f24c697ed5d8b0ea8
parent 650460 e4d0b880fa8308a154f36d2f603962d182d36e97
child 650462 b3ca06a7efab81eb9466902b67d6a1089edf54f7
push id75402
push usermasayuki@d-toybox.com
push dateTue, 22 Aug 2017 12:28:59 +0000 (2017-08-22)
reviewerssmaug
bugs1392181
milestone57.0a1
Bug 1392181 - part1: nsTextFragment::SetTo() shouldn't use CheckedInt r?smaug nsTextFragment::SetTo() may be hot path of performance test but it needs to be careful for computing allocation size. However, nsTextFragment uses uint32_t with only 29 bits to store its text length and using CheckedInt sometimes causes appearing CheckedInt in profile. So, using CheckedInt in it doesn't make sense (and also wrong). This patch defines NS_MAX_TEXT_FRAGMENT_LENGTH and make SetTo() check the length of new text by itself. MozReview-Commit-ID: 5zHtU1Kk6X2
dom/base/nsTextFragment.cpp file | annotate | diff | comparison | revisions
dom/base/nsTextFragment.h file | annotate | diff | comparison | revisions 
--- a/dom/base/nsTextFragment.cpp
+++ b/dom/base/nsTextFragment.cpp
@@ -332,31 +332,31 @@ nsTextFragment::Append(const char16_t* a
   // This is a common case because some callsites create a textnode
   // with a value by creating the node and then calling AppendData.
   if (mState.mLength == 0) {
     return SetTo(aBuffer, aLength, aUpdateBidi, aForce2b);
   }
 
   // Should we optimize for aData.Length() == 0?
 
-  CheckedUint32 length = mState.mLength;
-  length += aLength;
-
-  if (!length.isValid()) {
-    return false;
+  // FYI: Don't use CheckedInt in this method since here is very hot path
+  //      in some performance tests.
+  if (NS_MAX_TEXT_FRAGMENT_LENGTH - mState.mLength < aLength) {
+    return false;  // Would be overflown if we'd keep handling.
   }
 
   if (mState.mIs2b) {
-    length *= sizeof(char16_t);
-    if (!length.isValid()) {
-      return false;
+    size_t size = mState.mLength + aLength;
+    if (SIZE_MAX / sizeof(char16_t) < size) {
+      return false;  // Would be overflown if we'd keep handling.
     }
+    size *= sizeof(char16_t);
 
     // Already a 2-byte string so the result will be too
-    char16_t* buff = static_cast<char16_t*>(realloc(m2b, length.value()));
+    char16_t* buff = static_cast<char16_t*>(realloc(m2b, size));
     if (!buff) {
       return false;
     }
 
     memcpy(buff + mState.mLength, aBuffer, aLength * sizeof(char16_t));
     mState.mLength += aLength;
     m2b = buff;
 
@@ -366,24 +366,25 @@ nsTextFragment::Append(const char16_t* a
 
     return true;
   }
 
   // Current string is a 1-byte string, check if the new data fits in one byte too.
   int32_t first16bit = aForce2b ? 0 : FirstNon8Bit(aBuffer, aBuffer + aLength);
 
   if (first16bit != -1) { // aBuffer contains no non-8bit character
-    length *= sizeof(char16_t);
-    if (!length.isValid()) {
-      return false;
+    size_t size = mState.mLength + aLength;
+    if (SIZE_MAX / sizeof(char16_t) < size) {
+      return false;  // Would be overflown if we'd keep handling.
     }
+    size *= sizeof(char16_t);
 
     // The old data was 1-byte, but the new is not so we have to expand it
     // all to 2-byte
-    char16_t* buff = static_cast<char16_t*>(malloc(length.value()));
+    char16_t* buff = static_cast<char16_t*>(malloc(size));
     if (!buff) {
       return false;
     }
 
     // Copy data into buff
     LossyConvertEncoding8to16 converter(buff);
     copy_string(m1b, m1b+mState.mLength, converter);
 
@@ -401,25 +402,27 @@ nsTextFragment::Append(const char16_t* a
     if (aUpdateBidi) {
       UpdateBidiFlag(aBuffer + first16bit, aLength - first16bit);
     }
 
     return true;
   }
 
   // The new and the old data is all 1-byte
+  size_t size = mState.mLength + aLength;
+  MOZ_ASSERT(sizeof(char) == 1);
   char* buff;
   if (mState.mInHeap) {
-    buff = static_cast<char*>(realloc(const_cast<char*>(m1b), length.value()));
+    buff = static_cast<char*>(realloc(const_cast<char*>(m1b), size));
     if (!buff) {
       return false;
     }
   }
   else {
-    buff = static_cast<char*>(malloc(length.value()));
+    buff = static_cast<char*>(malloc(size));
     if (!buff) {
       return false;
     }
 
     memcpy(buff, m1b, mState.mLength);
     mState.mInHeap = true;
   }
 
--- a/dom/base/nsTextFragment.h
+++ b/dom/base/nsTextFragment.h
@@ -216,19 +216,23 @@ public:
     // uint32_t to ensure that the values are unsigned, because we
     // want 0/1, not 0/-1!
     // Making these bool causes Windows to not actually pack them,
     // which causes crashes because we assume this structure is no more than
     // 32 bits!
     uint32_t mInHeap : 1;
     uint32_t mIs2b : 1;
     uint32_t mIsBidi : 1;
+    // Note that when you change the bits of mLength, you also need to change
+    // NS_MAX_TEXT_FRAGMENT_LENGTH.
     uint32_t mLength : 29;
   };
 
+#define NS_MAX_TEXT_FRAGMENT_LENGTH (static_cast<uint32_t>(0x1FFFFFFF))
+
   size_t SizeOfExcludingThis(mozilla::MallocSizeOf aMallocSizeOf) const;
 
 private:
   void ReleaseText();
 
   /**
    * Scan the contents of the fragment and turn on mState.mIsBidi if it
    * includes any Bidi characters.
gecko
Deployed from ae4bf6620a9a at 2025-07-31T11:56:03Z.