Commit b9f19771 authored by Jakob Gruber's avatar Jakob Gruber Committed by Commit Bot

[small-vector] Hard-crash on failed allocation

.. of the backing store, instead of continuing and silently attempting
to deref nullptr.

Bug: chromium:1198657
Change-Id: I82e51abc4d2f9dfe0de596b082a6f78089af7df8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2824438
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73949}
parent 885b1ac9
...@@ -154,6 +154,13 @@ class SmallVector { ...@@ -154,6 +154,13 @@ class SmallVector {
base::bits::RoundUpToPowerOfTwo(std::max(min_capacity, 2 * capacity())); base::bits::RoundUpToPowerOfTwo(std::max(min_capacity, 2 * capacity()));
T* new_storage = T* new_storage =
reinterpret_cast<T*>(base::Malloc(sizeof(T) * new_capacity)); reinterpret_cast<T*>(base::Malloc(sizeof(T) * new_capacity));
if (new_storage == nullptr) {
// Should be: V8::FatalProcessOutOfMemory, but we don't include V8 from
// base. The message is intentionally the same as FatalProcessOutOfMemory
// since that will help fuzzers and chromecrash to categorize such
// crashes appropriately.
FATAL("Fatal process out of memory: base::SmallVector::Grow");
}
base::Memcpy(new_storage, begin_, sizeof(T) * in_use); base::Memcpy(new_storage, begin_, sizeof(T) * in_use);
if (is_big()) base::Free(begin_); if (is_big()) base::Free(begin_);
begin_ = new_storage; begin_ = new_storage;
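Review bot: The new `nullptr` check after `base::Malloc` catches only a failed allocation, not `sizeof(T) * new_capacity` wrapping around. In that case Malloc can return a non-null buffer smaller than `new_capacity` elements, and later writes would run past it instead of crashing cleanly. If callers can pass a very large `min_capacity` (not visible here), a guard before the allocation such as `if (new_capacity > std::numeric_limits<size_t>::max() / sizeof(T)) FATAL("Fatal process out of memory: base::SmallVector::Grow");` would keep that failure in the same crash bucket. The `2 * capacity()` inside `std::max` can wrap the same way. The start of Grow, including the declaration of `new_capacity`, is outside the hunk, so the `size_t` type assumed here should be confirmed.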
......