author Kartikaya Gupta <kgupta@mozilla.com>

Tue, 20 Feb 2018 15:37:48 -0500

changeset 757560 ea95e1785adf49a62fb39f0f3a89be5cd7354770

parent 757559 6b2284a75a51ebebcaf4162024a3a33584753bd4

child 757561 9ce647109aa63be152b7a5a429ea4012b2eea80d

push id 99776

push user kgupta@mozilla.com

push date Tue, 20 Feb 2018 20:38:26 +0000

reviewers nical

bugs 1439525

milestone 60.0a1

gfx/layers/wr/IpcResourceUpdateQueue.cpp file | annotate | diff | comparison | revisions
--- a/gfx/layers/wr/IpcResourceUpdateQueue.cpp
+++ b/gfx/layers/wr/IpcResourceUpdateQueue.cpp
@@ -49,21 +49,25 @@ ShmSegmentsWriter::Write(Range<uint8_t> 
 
   size_t srcCursor = 0;
   size_t dstCursor = mCursor;
   size_t currAllocLen = mSmallAllocs.Length();
 
   while (remainingBytesToCopy > 0) {
     if (dstCursor >= mSmallAllocs.Length() * mChunkSize) {
       if (!AllocChunk()) {
+        // Allocation failed, so roll back to the state at the start of this
+        // Write() call and abort.
         for (size_t i = mSmallAllocs.Length() ; currAllocLen < i ; i--) {
-          RefCountedShmem& shm = mSmallAllocs.ElementAt(i);
+          MOZ_ASSERT(i > 0);
+          RefCountedShmem& shm = mSmallAllocs.ElementAt(i - 1);
           RefCountedShm::Dealloc(mShmAllocator, shm);
-          mSmallAllocs.RemoveElementAt(i);
+          mSmallAllocs.RemoveElementAt(i - 1);
         }
+        MOZ_ASSERT(mSmallAllocs.Length() == currAllocLen);
         return layers::OffsetRange(0, start, 0);
       }
       continue;
     }
 
     const size_t dstMaxOffset = mChunkSize * mSmallAllocs.Length();
     const size_t dstBaseOffset = mChunkSize * (mSmallAllocs.Length() - 1);
author	Kartikaya Gupta <kgupta@mozilla.com>
	Tue, 20 Feb 2018 15:37:48 -0500
changeset 757560	ea95e1785adf49a62fb39f0f3a89be5cd7354770
parent 757559	6b2284a75a51ebebcaf4162024a3a33584753bd4
child 757561	9ce647109aa63be152b7a5a429ea4012b2eea80d
push id	99776
push user	kgupta@mozilla.com
push date	Tue, 20 Feb 2018 20:38:26 +0000
reviewers	nical
bugs	1439525
milestone	60.0a1