[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.20-204-g221d8e8
zoltan at webkit.org
Wed Feb 10 22:16:23 UTC 2010
The following commit has been merged in the webkit-1.1 branch:
commit 7cff76d3e8267fd027af3ab3fd04dfc1e310a9b6
Author: zoltan at webkit.org <zoltan at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Feb 5 12:27:35 2010 +0000
Don't call CRASH() in fastMalloc and fastCalloc when the requested memory size is 0
https://bugs.webkit.org/show_bug.cgi?id=34569
Patch by Kwang Yul Seo <skyul at company100.net> on 2010-02-05
Reviewed by Alexey Proskuryakov.
With USE_SYSTEM_MALLOC=1, fastMalloc and fastCalloc call CRASH()
if the return value of malloc and calloc is 0.
However, these functions can return 0 when the request size is 0.
Libc manual says, "If size is 0, then malloc() returns either NULL,
or a unique pointer value that can later be successfully passed to free()."
Though malloc returns a unique pointer in most systems,
0 can be returned in some systems. For instance, BREW's MALLOC returns 0
when size is 0.
If malloc or calloc returns 0 due to allocation size, increase the size
to 1 and try again.
* wtf/FastMalloc.cpp:
(WTF::fastMalloc):
(WTF::fastCalloc):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@54419 268f45cc-cd09-0410-ab3c-d52691b4dbfc
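The zero-size corner case the commit message describes, as an added example that is not WebKit's code: a fastMalloc-style wrapper over a pluggable backend, so the BREW-like "malloc(0) returns NULL" behaviour can be reproduced on any host. The pre-patch shape (crash on any NULL) is shown beside the patched one (retry a zero-size request with size 1, crash only on a genuine failure). All names here (brew_like_malloc, guarded_malloc, guarded_calloc, report_crash, ...) are hypothetical; CRASH() is modelled by a counter so the outcome can be observed instead of aborting the process.

```c
/* Added example, not WebKit code. Backends are simulated; names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

typedef void *(*malloc_fn)(size_t);
typedef void *(*calloc_fn)(size_t, size_t);

/* Simulated BREW-style allocator: a zero-size request yields NULL, which the
   C library permits ("either NULL, or a unique pointer value ..."). */
static void *brew_like_malloc(size_t n)
{
    return n == 0 ? NULL : malloc(n);
}

static void *brew_like_calloc(size_t count, size_t size)
{
    return (count == 0 || size == 0) ? NULL : calloc(count, size);
}

/* Simulated out-of-memory allocator: fails for every size. */
static void *oom_malloc(size_t n) { (void)n; return NULL; }

/* Stand-in for CRASH(): counts instead of aborting so tests can observe it. */
static int crash_count = 0;
static void report_crash(void) { crash_count++; }

/* Pre-patch shape: every NULL from the backend is treated as fatal, so a
   BREW-like malloc(0) "crashes" even though nothing actually failed. */
static void *unpatched_malloc(malloc_fn backend, size_t n)
{
    void *result = backend(n);
    if (!result)
        report_crash();
    return result;
}

/* Patched shape: NULL from a zero-size request is retried with size 1; any
   other NULL is a real failure. The recursion is bounded because the retry
   passes n == 1, which cannot take the retry branch again. */
static void *guarded_malloc(malloc_fn backend, size_t n)
{
    void *result = backend(n);
    if (!result) {
        if (!n)
            return guarded_malloc(backend, 1);
        report_crash();
        return NULL;
    }
    return result;
}

static void *guarded_calloc(calloc_fn backend, size_t count, size_t size)
{
    void *result = backend(count, size);
    if (!result) {
        if (!count || !size)
            return guarded_calloc(backend, 1, 1);
        report_crash();
        return NULL;
    }
    return result;
}

/* Checks below return 1 when the property holds. */
static int unpatched_zero_request_crashes(void)
{
    int before = crash_count;
    void *p = unpatched_malloc(brew_like_malloc, 0);
    free(p); /* p is NULL here; free(NULL) is a no-op */
    return p == NULL && crash_count == before + 1;
}

static int zero_request_is_non_null(void)
{
    void *p = guarded_malloc(brew_like_malloc, 0);
    int ok = p != NULL;
    free(p); /* the 1-byte fallback block is a real allocation and must be freed */
    return ok;
}

static int zero_calloc_is_zeroed_and_non_null(void)
{
    unsigned char *p = guarded_calloc(brew_like_calloc, 0, 16);
    int ok = p != NULL && p[0] == 0;
    free(p);
    return ok;
}

static int genuine_oom_still_crashes(void)
{
    int before = crash_count;
    void *p = guarded_malloc(oom_malloc, 64);
    return p == NULL && crash_count == before + 1;
}

int main(void)
{
    printf("unpatched: malloc(0) on BREW-like backend crashes: %d\n", unpatched_zero_request_crashes());
    printf("patched:   malloc(0) on BREW-like backend non-NULL: %d\n", zero_request_is_non_null());
    printf("patched:   calloc(0,16) zeroed and non-NULL:        %d\n", zero_calloc_is_zeroed_and_non_null());
    printf("patched:   OOM with non-zero size still crashes:    %d\n", genuine_oom_still_crashes());
    return 0;
}
```

The point to take from the example is the invariant the wrapper is meant to preserve: a non-NULL return for every request that did not actually fail, so callers never need a NULL check, while a NULL caused by real memory exhaustion (the oom_malloc case) still reaches the crash path instead of being silently retried.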
diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index ef3bcbc..811f510 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,27 @@
+2010-02-05 Kwang Yul Seo <skyul at company100.net>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Don't call CRASH() in fastMalloc and fastCalloc when the requested memory size is 0
+ https://bugs.webkit.org/show_bug.cgi?id=34569
+
+ With USE_SYSTEM_MALLOC=1, fastMalloc and fastCalloc call CRASH()
+ if the return value of malloc and calloc is 0.
+
+ However, these functions can return 0 when the request size is 0.
+ Libc manual says, "If size is 0, then malloc() returns either NULL,
+ or a unique pointer value that can later be successfully passed to free()."
+ Though malloc returns a unique pointer in most systems,
+ 0 can be returned in some systems. For instance, BREW's MALLOC returns 0
+ when size is 0.
+
+ If malloc or calloc returns 0 due to allocation size, increase the size
+ to 1 and try again.
+
+ * wtf/FastMalloc.cpp:
+ (WTF::fastMalloc):
+ (WTF::fastCalloc):
+
2010-02-04 Mark Rowe <mrowe at apple.com>
Reviewed by Timothy Hatcher.
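Review bot: The entry's closing paragraph ("If malloc or calloc returns 0 due to allocation size, increase the size to 1 and try again") reads as unconditional, but the retry added in wtf/FastMalloc.cpp sits inside `#if PLATFORM(BREWMP)`, so every other USE_SYSTEM_MALLOC port still calls CRASH() if its malloc(0) or calloc(0, x) returns 0. Either qualify the sentence ("on BREW MP, ...") or state why the other ports are assumed to return a unique pointer for size 0.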
diff --git a/JavaScriptCore/wtf/FastMalloc.cpp b/JavaScriptCore/wtf/FastMalloc.cpp
index 7b14809..79d2bfb 100644
--- a/JavaScriptCore/wtf/FastMalloc.cpp
+++ b/JavaScriptCore/wtf/FastMalloc.cpp
@@ -239,8 +239,16 @@ void* fastMalloc(size_t n)
void* result = malloc(n);
#endif
- if (!result)
+ if (!result) {
+#if PLATFORM(BREWMP)
+ // The behavior of malloc(0) is implementation defined.
+ // To make sure that fastMalloc never returns 0, retry with fastMalloc(1).
+ if (!n)
+ return fastMalloc(1);
+#endif
CRASH();
+ }
+
return result;
}
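Review bot: The `#if PLATFORM(BREWMP)` guard around `if (!n) return fastMalloc(1);` restricts the fix to one port even though the check is only reached after malloc has already returned 0, so it costs nothing on the success path; since the libc text quoted in the commit message allows any implementation to return NULL for size 0, consider dropping the guard so every system-malloc build gets the same treatment. The recursion is bounded (the retry passes n == 1, and a further 0 from malloc then falls through to CRASH() rather than retrying again), which is worth stating in the comment, as is the fact that the fallback hands back a live 1-byte block that callers still release with fastFree().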
@@ -279,8 +287,16 @@ void* fastCalloc(size_t n_elements, size_t element_size)
void* result = calloc(n_elements, element_size);
#endif
- if (!result)
+ if (!result) {
+#if PLATFORM(BREWMP)
+ // If either n_elements or element_size is 0, the behavior of calloc is implementation defined.
+ // To make sure that fastCalloc never returns 0, retry with fastCalloc(1, 1).
+ if (!n_elements || !element_size)
+ return fastCalloc(1, 1);
+#endif
CRASH();
+ }
+
return result;
}
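Review bot: The `#if PLATFORM(BREWMP)` guard here has the same drawback as in fastMalloc: on any other system-malloc port a calloc(0, x) that returns 0 still reaches CRASH(), so the fix should either apply unconditionally or the BREW MP restriction should be explained. One property of the `if (!n_elements || !element_size)` test deserves a line in the comment: a 0 from calloc caused by n_elements * element_size overflowing is not retried, because both factors are non-zero in that case, so it correctly falls through to CRASH() instead of returning a 1-byte block for a huge request.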
--
WebKit Debian packaging
More information about the Pkg-webkit-commits mailing list