Commit acc45966 authored by Henri Sivonen's avatar Henri Sivonen
Browse files

Bug 1486470 - Avoid overwriting newData when there's an OOM failure on buffer... 

Bug 1486470 - Avoid overwriting newData when there's an OOM failure on buffer shrinking attempt. r=froydnj

MozReview-Commit-ID: F54grcUOwBG

Differential Revision: https://phabricator.services.mozilla.com/D4418

--HG--
extra : moz-landing-system : lando
parent 924aa36a

xpcom/string/nsTSubstring.cpp

+14 −15
Original line number Diff line number Diff line
@@ -199,9 +199,11 @@ nsTSubstring<T>::StartBulkWriteImpl(size_type aCapacity, 
      // bucket, it's not useful to use realloc, which may spend time uselessly

      // copying too much.

      nsStringBuffer* newHdr = nsStringBuffer::Alloc(storageSize).take();

      if (!newHdr) {

        // we are still in a consistent state

        if (shrinking) {

      if (newHdr) {

        newData = (char_type*)newHdr->Data();

      } else if (shrinking) {

        // We're still in a consistent state.

        //

        // Since shrinking is just a memory footprint optimization, we

        // don't propagate OOM if we tried to shrink in order to avoid

        // OOM crashes from infallible callers. If we're lucky, soon enough
@@ -213,9 +215,6 @@ nsTSubstring<T>::StartBulkWriteImpl(size_type aCapacity, 
        return mozilla::Err(NS_ERROR_OUT_OF_MEMORY);

      }

    }



      newData = (char_type*)newHdr->Data();

    }

    newDataFlags = DataFlags::TERMINATED | DataFlags::REFCOUNTED;

  }