
commit 8d929c6b779e762ad4a54593258c58720f8c23ab
parent e445026fb0dbfc1b2f084c3ef29172b13a6bcbf0
Author: Rong "Mantle" Bao <webmaster@csmantle.top>
Date:   Fri, 24 Oct 2025 07:13:22 +0000

Bug 1995441 - Allocate Arena-under-testing from a valid ArenaChunk in jsapi-tests/testSortedArenaList. r=jonco

Each `Arena` is expected to be contained within an `ArenaChunk`. The
current test case breaks this invariant by directly `js_pod_calloc`-ing
an `Arena` instead of allocating one from a working `ArenaChunk`.

This patch addresses this by allocating an `ArenaChunk`, then obtaining
an `Arena` from it using regular methods. To force success, a new
wrapper class is created to ensure the existence of free `Arena`s.

Differential Revision: https://phabricator.services.mozilla.com/D269530

Diffstat:
Mjs/src/jsapi-tests/testSortedArenaList.cpp | 20++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/js/src/jsapi-tests/testSortedArenaList.cpp b/js/src/jsapi-tests/testSortedArenaList.cpp
@@ -16,14 +16,30 @@
 using namespace js;
 using namespace js::gc;
+class TestArenaChunk : public ArenaChunk {
+ public:
+ static TestArenaChunk* init(void* ptr, GCRuntime* gc) {
+ auto* const arenaChunk =
+ static_cast<TestArenaChunk*>(ArenaChunk::init(ptr, gc, true));
+ arenaChunk->initAsCommitted();
+ return arenaChunk;
+ }
+};
+
 // Automatically allocate and free an Arena for testing purposes.
 class MOZ_RAII AutoTestArena {
+ TestArenaChunk* arenaChunk = nullptr;
 Arena* arena = nullptr;
 public:
 explicit AutoTestArena(JSContext* cx, AllocKind kind, size_t nfree) {
 // For testing purposes only. Don't do this in real code!
- arena = js_pod_calloc<Arena>(1);
+ void* const arenaChunkPtr =
+ TestArenaChunk::allocate(&cx->runtime()->gc, StallAndRetry::No);
+ MOZ_RELEASE_ASSERT(arenaChunkPtr);
+ arenaChunk = TestArenaChunk::init(arenaChunkPtr, &cx->runtime()->gc);
+
+ arena = arenaChunk->fetchNextFreeArena(&cx->runtime()->gc);
 MOZ_RELEASE_ASSERT(arena);
 arena->init(&cx->runtime()->gc, cx->zone(), kind);
@@ -36,7 +52,7 @@ class MOZ_RAII AutoTestArena {
 MOZ_RELEASE_ASSERT(arena->countFreeCells() == nfree);
 }
- ~AutoTestArena() { js_free(arena); }
+ ~AutoTestArena() { UnmapPages(arenaChunk, ChunkSize); }
 Arena* get() { return arena; }
 operator Arena*() { return arena; }
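Review bot: The `static_cast<TestArenaChunk*>` in `TestArenaChunk::init` treats the result of `ArenaChunk::init` as a derived type that the object was presumably never constructed as (the body of `ArenaChunk::init` is not in this hunk), so the cast only stays sound while the wrapper adds no data members or virtual functions. I would pin that down right after the class with `static_assert(sizeof(TestArenaChunk) == sizeof(ArenaChunk), "test wrapper must not add state");` and add a one-line comment saying why the subclass is needed at all. The bare `true` passed to `ArenaChunk::init` would also read better with an inline argument-name comment. The `AutoTestArena` constructor body continues past the end of the hunk.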
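Review bot: The destructor releases the chunk with `UnmapPages(arenaChunk, ChunkSize)`, but nothing visible here shows that `TestArenaChunk::allocate` obtains exactly one `ChunkSize` mapping or that `UnmapPages` is its matching release call, so the pairing should be stated next to it: `// Chunk came from TestArenaChunk::allocate(); release the whole ChunkSize mapping.` It is also worth confirming that unmapping directly leaves no stale accounting in the `GCRuntime` that was passed to `allocate`, `init` and `fetchNextFreeArena`, since the destructor never hands the arena or the chunk back through the GC. The class now owns a raw mapping and its copy operations are not deleted in the visible lines, so a copy would unmap the same chunk twice; the rest of the class is outside the hunk.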