Bug 1295688 - InfallibleAllocPolicy should crash on overflow. r=glandium
Code that uses InfallibleAllocPolicy presumably wants operations
to always succeed. However, Vector and HashTable can end up detecting
that growing the data structure will fail due to integer overflow, and
then will call reportAllocOverflow() and fail. I think these cases
should crash.
In addition, pod_malloc and pod_realloc should crash rather than
returning NULL when they detect overflow.
This calls mozalloc_abort rather than MOZ_CRASH directly to avoid
circular #includes, because Assertions.h includes nsTraceRefcnt.h
which includes nscore.h which includes mozalloc.h.
MozReview-Commit-ID: 1g99BXLceQI
--- a/memory/mozalloc/mozalloc.h
+++ b/memory/mozalloc/mozalloc.h
@@ -22,16 +22,17 @@
# include <cstring>
#else
# include <stdlib.h>
# include <string.h>
#endif
#if defined(__cplusplus)
#include "mozilla/fallible.h"
+#include "mozilla/mozalloc_abort.h"
#include "mozilla/TemplateLib.h"
#endif
#include "mozilla/Attributes.h"
#include "mozilla/Types.h"
#define MOZALLOC_HAVE_XMALLOC
#if defined(MOZ_ALWAYS_INLINE_EVEN_DEBUG)
@@ -287,43 +288,44 @@ void operator delete[](void* ptr, const
*/
class InfallibleAllocPolicy
{
public:
template <typename T>
T* pod_malloc(size_t aNumElems)
{
if (aNumElems & mozilla::tl::MulOverflowMask<sizeof(T)>::value) {
- return nullptr;
+ reportAllocOverflow();
}
return static_cast<T*>(moz_xmalloc(aNumElems * sizeof(T)));
}
template <typename T>
T* pod_calloc(size_t aNumElems)
{
return static_cast<T*>(moz_xcalloc(aNumElems, sizeof(T)));
}
template <typename T>
T* pod_realloc(T* aPtr, size_t aOldSize, size_t aNewSize)
{
if (aNewSize & mozilla::tl::MulOverflowMask<sizeof(T)>::value) {
- return nullptr;
+ reportAllocOverflow();
}
return static_cast<T*>(moz_xrealloc(aPtr, aNewSize * sizeof(T)));
}
void free_(void* aPtr)
{
free_impl(aPtr);
}
void reportAllocOverflow() const
{
+ mozalloc_abort("alloc overflow");
}
bool checkSimulatedOOM() const
{
return true;
}
};
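Review bot: In pod_malloc and pod_realloc the overflow branch no longer returns, so the wrapped multiplication in `moz_xmalloc(aNumElems * sizeof(T))` and `moz_xrealloc(aPtr, aNewSize * sizeof(T))` is safe only if `reportAllocOverflow()` never returns. If it did return, the result would be an undersized buffer handed to a caller that believes it holds the full element count. The declaration of mozalloc_abort is not visible in this diff, so it is worth stating the guarantee at the point of use by declaring the method `MOZ_NORETURN void reportAllocOverflow() const` (Attributes.h is already included), which also lets the compiler and static analysers treat the fall-through as dead. A short comment on the method, such as `// Crashes the process; callers rely on this not returning.`, would help anyone who later edits its body.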