[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.20-204-g221d8e8

zoltan at webkit.org zoltan at webkit.org
Wed Feb 10 22:16:23 UTC 2010


The following commit has been merged in the webkit-1.1 branch:
commit 7cff76d3e8267fd027af3ab3fd04dfc1e310a9b6
Author: zoltan at webkit.org <zoltan at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Feb 5 12:27:35 2010 +0000

    Don't call CRASH() in fastMalloc and fastCalloc when the requested memory size is 0
    https://bugs.webkit.org/show_bug.cgi?id=34569
    
    Patch by Kwang Yul Seo <skyul at company100.net> on 2010-02-05
    Reviewed by Alexey Proskuryakov.
    
    With USE_SYSTEM_MALLOC=1, fastMalloc and fastCalloc call CRASH()
    if the return value of malloc and calloc is 0.
    
    However, these functions can return 0 when the request size is 0.
    Libc manual says, "If size is 0, then malloc() returns either NULL,
    or a unique pointer value that can later be successfully passed to free()."
    Though malloc returns a unique pointer in most systems,
    0 can be returned in some systems. For instance, BREW's MALLOC returns 0
    when size is 0.
    
    If malloc or calloc returns 0 due to allocation size, increase the size
    to 1 and try again.
    
    * wtf/FastMalloc.cpp:
    (WTF::fastMalloc):
    (WTF::fastCalloc):
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@54419 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index ef3bcbc..811f510 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,27 @@
+2010-02-05  Kwang Yul Seo  <skyul at company100.net>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Don't call CRASH() in fastMalloc and fastCalloc when the requested memory size is 0
+        https://bugs.webkit.org/show_bug.cgi?id=34569
+
+        With USE_SYSTEM_MALLOC=1, fastMalloc and fastCalloc call CRASH()
+        if the return value of malloc and calloc is 0.
+        
+        However, these functions can return 0 when the request size is 0.
+        Libc manual says, "If size is 0, then malloc() returns either NULL,
+        or a unique pointer value that can later be successfully passed to free()."
+        Though malloc returns a unique pointer in most systems,
+        0 can be returned in some systems. For instance, BREW's MALLOC returns 0
+        when size is 0.
+
+        If malloc or calloc returns 0 due to allocation size, increase the size
+        to 1 and try again.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::fastMalloc):
+        (WTF::fastCalloc):
+
 2010-02-04  Mark Rowe  <mrowe at apple.com>
 
         Reviewed by Timothy Hatcher.
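Review bot: The ChangeLog entry says the size-1 retry applies whenever "malloc or calloc returns 0 due to allocation size", but the code in wtf/FastMalloc.cpp only compiles that retry under `#if PLATFORM(BREWMP)`; on every other USE_SYSTEM_MALLOC build a NULL from malloc(0) still reaches CRASH(). Either state the platform restriction in the entry (e.g. "On BREW MP, if malloc or calloc returns 0 ...") or drop the guard so the description and the behaviour match.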
diff --git a/JavaScriptCore/wtf/FastMalloc.cpp b/JavaScriptCore/wtf/FastMalloc.cpp
index 7b14809..79d2bfb 100644
--- a/JavaScriptCore/wtf/FastMalloc.cpp
+++ b/JavaScriptCore/wtf/FastMalloc.cpp
@@ -239,8 +239,16 @@ void* fastMalloc(size_t n)
     void* result = malloc(n);
 #endif
 
-    if (!result)
+    if (!result) {
+#if PLATFORM(BREWMP)
+        // The behavior of malloc(0) is implementation defined.
+        // To make sure that fastMalloc never returns 0, retry with fastMalloc(1).
+        if (!n)
+            return fastMalloc(1);
+#endif
         CRASH();
+    }
+
     return result;
 }
 
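Review bot: The recursive `return fastMalloc(1);` terminates only because the retried call has `n == 1`, so its `if (!n)` branch cannot fire and a second failure falls through to CRASH(); that invariant is not obvious from the hunk and should be stated in the comment, or the retry written as a direct `result = malloc(1);` so no recursion is needed. Also note the retry makes fastMalloc(0) hand out a live 1-byte block on BREW MP while other platforms may return whatever malloc(0) gives; callers must still treat the pointer as owning zero usable bytes, which is worth a sentence in the comment.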
@@ -279,8 +287,16 @@ void* fastCalloc(size_t n_elements, size_t element_size)
     void* result = calloc(n_elements, element_size);
 #endif
 
-    if (!result)
+    if (!result) {
+#if PLATFORM(BREWMP)
+        // If either n_elements or element_size is 0, the behavior of calloc is implementation defined.
+        // To make sure that fastCalloc never returns 0, retry with fastCalloc(1, 1).
+        if (!n_elements || !element_size)
+            return fastCalloc(1, 1);
+#endif
         CRASH();
+    }
+
     return result;
 }
 
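Review bot: The condition `if (!n_elements || !element_size)` is correctly keyed on the inputs rather than on the product, so a NULL caused by `n_elements * element_size` overflowing still hits CRASH() instead of being silently replaced by a 1-byte block; that distinction deserves an explicit line in the comment ("a NULL for a non-zero request, including multiplication overflow, still crashes"), since a later edit that loosened the check to `!(n_elements * element_size)` would turn an overflow into an undersized allocation. As with fastMalloc, consider `result = calloc(1, 1);` instead of recursing through fastCalloc(1, 1).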

-- 
WebKit Debian packaging