JSFixedArray::allocationSize() should not allow for allocation failure.
author    mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Tue, 2 May 2017 17:55:11 +0000 (17:55 +0000)
committer mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Tue, 2 May 2017 17:55:11 +0000 (17:55 +0000)
commit    1b31a3944b7b8c7a2869a32eda34738479ba1069
tree      91be8eb2a0b0d666314300bc2e57f781db7b6ba9
parent    fbcb18c004cf6dbe56a8e5c0192e27732658b196
JSFixedArray::allocationSize() should not allow for allocation failure.
https://bugs.webkit.org/show_bug.cgi?id=171516

Reviewed by Geoffrey Garen.

Since JSFixedArray::createFromArray() now handles allocation failures by throwing
OutOfMemoryErrors, its helper function allocationSize() (which computes the buffer
size to allocate) should also allow for allocation failure on overflow.

This issue is covered by the stress/js-fixed-array-out-of-memory.js test when
run on 32-bit builds.

* runtime/JSFixedArray.h:
(JSC::JSFixedArray::tryCreate):
(JSC::JSFixedArray::allocationSize):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@216076 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/JSFixedArray.h
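The security point behind this commit is that a size computation of the form header + count * elementSize can wrap on a 32-bit target, so an unchecked helper returns a small number, the allocation succeeds, and the subsequent element stores run off the end of the buffer. The example below is added here to show that failure mode and the overflow-checked alternative; it is not WebKit's code, and the names (allocationSizeUnchecked, allocationSizeChecked, tryAllocateFixedArray), the 16-byte header and the 8-byte slot layout are assumptions made for illustration, not JSFixedArray's actual layout. The arithmetic is done in uint32_t on purpose so the 32-bit wrap is reproduced on any host.

```cpp
#include <cstdint>
#include <cstdlib>
#include <optional>

// Assumed layout for this example only: a fixed header followed by `length` 8-byte slots.
constexpr uint32_t kHeaderSize = 16;
constexpr uint32_t kSlotSize = 8;

// The pattern the commit moves away from: arithmetic is done in the
// 32-bit size type and silently wraps, so a huge `length` yields a
// tiny size and a later write loop overruns the heap buffer.
uint32_t allocationSizeUnchecked(uint32_t length)
{
    return kHeaderSize + length * kSlotSize;
}

// The pattern the commit moves toward: every step of the size computation
// is overflow-checked and failure is reported to the caller instead of
// being folded into a wrong value. std::nullopt means "do not allocate".
std::optional<uint32_t> allocationSizeChecked(uint32_t length)
{
    uint32_t bytes = 0;
    if (__builtin_mul_overflow(length, kSlotSize, &bytes))
        return std::nullopt;
    if (__builtin_add_overflow(bytes, kHeaderSize, &bytes))
        return std::nullopt;
    return bytes;
}

// Mirror of a tryCreate()-style caller: propagate the failure (the caller
// would throw an OutOfMemoryError) rather than allocate a truncated buffer.
void* tryAllocateFixedArray(uint32_t length)
{
    std::optional<uint32_t> size = allocationSizeChecked(length);
    if (!size)
        return nullptr;
    return std::calloc(1, *size);
}
```

With length = 0x20000000 the unchecked helper computes 0x20000000 * 8 = 0x100000000, which wraps to 0 in 32 bits, and returns 16 bytes for what should be a 4 GiB request; the checked helper reports the overflow and the allocation is refused. Both __builtin_mul_overflow and __builtin_add_overflow are GCC/Clang builtins; on MSVC the same check can be written by comparing against UINT32_MAX / kSlotSize before multiplying.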