authorKent Hansen <kent.hansen@nokia.com>2011-01-24 14:32:11 (GMT)
committerKent Hansen <kent.hansen@nokia.com>2011-01-24 15:34:54 (GMT)
commit81941e4c5dcd18ef04b2b22dd3f1b4c04620647c (patch)
tree2dd7b4f7edfbe5944aba0710089a90590166e19f /src/3rdparty/javascriptcore
parent1137379e98cab8cc67fac70b31c97001c4473eb0 (diff)
Fix crash in QtScript/JSC stack allocator on Symbian
The reserved (virtual) size of the chunk is not necessarily a multiple of the "pool" size (the physical growth increment). The reserved size is only rounded up to a multiple of the page size (4K), not the pool size (64K). This meant that the commit of the _last_ part of the chunk could (and did) fail, because we tried to commit 64K while only a size <64K was remaining. Detect this case and reduce the requested size accordingly. Also add a call to CRASH() in case Commit() returns an error, to avoid obscure crashes in JSC at a later point (grow() must not fail). Task-number: QTBUG-16685 Reviewed-by: Simon Hausmann
Diffstat (limited to 'src/3rdparty/javascriptcore')
-rw-r--r--src/3rdparty/javascriptcore/JavaScriptCore/wtf/symbian/RegisterFileAllocatorSymbian.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/symbian/RegisterFileAllocatorSymbian.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/symbian/RegisterFileAllocatorSymbian.cpp
index da5cc99..e89dd7a 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/symbian/RegisterFileAllocatorSymbian.cpp
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/symbian/RegisterFileAllocatorSymbian.cpp
@@ -83,10 +83,16 @@ void RegisterFileAllocator::grow(void* newEnd)
TInt nBytes = (TInt)(newEnd) - (TInt)(m_comEnd);
nBytes = SYMBIAN_ROUNDUPTOMULTIPLE(nBytes, m_poolSize);
TInt offset = (TInt)m_comEnd - (TInt)m_buffer;
+ // The reserved size is not guaranteed to be a multiple of the pool size.
+ TInt maxBytes = (TInt)m_resEnd - (TInt)m_comEnd;
+ if (nBytes > maxBytes)
+ nBytes = maxBytes;
TInt ret = m_chunk.Commit(offset, nBytes);
if (ret == KErrNone)
m_comEnd = (void*)(m_chunk.Base() + m_chunk.Size());
+ else
+ CRASH();
}
}
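Review bot: The new clamp at `if (nBytes > maxBytes) nBytes = maxBytes;` silently assumes newEnd lies inside the reserved region; if a caller ever passes a newEnd beyond m_resEnd, maxBytes is smaller than what is needed (or ≤ 0), Commit() can still return KErrNone, and grow() then reports success with m_comEnd short of newEnd, so the register file proceeds to write into uncommitted pages — the same class of obscure late crash the added CRASH() is meant to prevent. Since grow() must not fail, the precondition should be enforced here rather than left implicit, e.g. `if ((TInt)newEnd > (TInt)m_resEnd) CRASH();` just before computing maxBytes; the JSC caller presumably checks against its own reservation limit first, but this allocator cannot rely on that. The new comment would also read better if it said why the clamp is needed: `// The reserved size is only page-aligned, not pool-aligned, so rounding nBytes up to m_poolSize can overshoot m_resEnd and make Commit() fail for the last chunk.` The body of RegisterFileAllocator::grow begins before this hunk.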