Fix duk_hcompfunc data != NULL assumptions

svaarala · svaarala · commit a174cf094e2f · 2016-12-04T04:12:52.000+02:00
diff --git a/src-input/duk_heap_markandsweep.c b/src-input/duk_heap_markandsweep.c
@@ -87,18 +87,23 @@ DUK_LOCAL void duk__mark_hobject(duk_heap *heap, duk_hobject *h) {
 		duk__mark_heaphdr(heap, (duk_heaphdr *) DUK_HCOMPFUNC_GET_LEXENV(heap, f));
 		duk__mark_heaphdr(heap, (duk_heaphdr *) DUK_HCOMPFUNC_GET_VARENV(heap, f));
 
-		tv = DUK_HCOMPFUNC_GET_CONSTS_BASE(heap, f);
-		tv_end = DUK_HCOMPFUNC_GET_CONSTS_END(heap, f);
-		while (tv < tv_end) {
-			duk__mark_tval(heap, tv);
-			tv++;
-		}
+		if (DUK_HCOMPFUNC_GET_DATA(heap, f) != NULL) {
+			tv = DUK_HCOMPFUNC_GET_CONSTS_BASE(heap, f);
+			tv_end = DUK_HCOMPFUNC_GET_CONSTS_END(heap, f);
+			while (tv < tv_end) {
+				duk__mark_tval(heap, tv);
+				tv++;
+			}
 
-		fn = DUK_HCOMPFUNC_GET_FUNCS_BASE(heap, f);
-		fn_end = DUK_HCOMPFUNC_GET_FUNCS_END(heap, f);
-		while (fn < fn_end) {
-			duk__mark_heaphdr(heap, (duk_heaphdr *) *fn);
-			fn++;
+			fn = DUK_HCOMPFUNC_GET_FUNCS_BASE(heap, f);
+			fn_end = DUK_HCOMPFUNC_GET_FUNCS_END(heap, f);
+			while (fn < fn_end) {
+				duk__mark_heaphdr(heap, (duk_heaphdr *) *fn);
+				fn++;
+			}
+		} else {
+			/* May happen in some out-of-memory corner cases. */
+			DUK_D(DUK_DPRINT("duk_hcompfunc 'data' is NULL, skipping marking"));
 		}
 	} else if (DUK_HOBJECT_IS_NATFUNC(h)) {
 		duk_hnatfunc *f = (duk_hnatfunc *) h;
diff --git a/src-input/duk_heap_refcount.c b/src-input/duk_heap_refcount.c
@@ -125,23 +125,26 @@ DUK_LOCAL void duk__refcount_finalize_hobject(duk_hthread *thr, duk_hobject *h)
 		duk_tval *tv, *tv_end;
 		duk_hobject **funcs, **funcs_end;
 
-		DUK_ASSERT(DUK_HCOMPFUNC_GET_DATA(thr->heap, f) != NULL);  /* compiled functions must be created 'atomically' */
-
-		tv = DUK_HCOMPFUNC_GET_CONSTS_BASE(thr->heap, f);
-		tv_end = DUK_HCOMPFUNC_GET_CONSTS_END(thr->heap, f);
-		while (tv < tv_end) {
-			DUK_TVAL_DECREF_NORZ(thr, tv);
-			tv++;
-		}
+		if (DUK_HCOMPFUNC_GET_DATA(thr->heap, f) != NULL) {
+			tv = DUK_HCOMPFUNC_GET_CONSTS_BASE(thr->heap, f);
+			tv_end = DUK_HCOMPFUNC_GET_CONSTS_END(thr->heap, f);
+			while (tv < tv_end) {
+				DUK_TVAL_DECREF_NORZ(thr, tv);
+				tv++;
+			}
 
-		funcs = DUK_HCOMPFUNC_GET_FUNCS_BASE(thr->heap, f);
-		funcs_end = DUK_HCOMPFUNC_GET_FUNCS_END(thr->heap, f);
-		while (funcs < funcs_end) {
-			duk_hobject *h_func;
-			h_func = *funcs;
-			DUK_ASSERT(DUK_HEAPHDR_IS_OBJECT((duk_heaphdr *) h_func));
-			DUK_HCOMPFUNC_DECREF_NORZ(thr, (duk_hcompfunc *) h_func);
-			funcs++;
+			funcs = DUK_HCOMPFUNC_GET_FUNCS_BASE(thr->heap, f);
+			funcs_end = DUK_HCOMPFUNC_GET_FUNCS_END(thr->heap, f);
+			while (funcs < funcs_end) {
+				duk_hobject *h_func;
+				h_func = *funcs;
+				DUK_ASSERT(DUK_HEAPHDR_IS_OBJECT((duk_heaphdr *) h_func));
+				DUK_HCOMPFUNC_DECREF_NORZ(thr, (duk_hcompfunc *) h_func);
+				funcs++;
+			}
+		} else {
+			/* May happen in some out-of-memory corner cases. */
+			DUK_D(DUK_DPRINT("duk_hcompfunc 'data' is NULL, skipping decref"));
 		}
 
 		DUK_HEAPHDR_DECREF_ALLOWNULL(thr, (duk_heaphdr *) DUK_HCOMPFUNC_GET_LEXENV(thr->heap, f));
diff --git a/src-input/duk_js_var.c b/src-input/duk_js_var.c
@@ -74,9 +74,15 @@ DUK_LOCAL void duk__inc_data_inner_refcounts(duk_hthread *thr, duk_hcompfunc *f)
 	duk_tval *tv, *tv_end;
 	duk_hobject **funcs, **funcs_end;
 
-	DUK_ASSERT(DUK_HCOMPFUNC_GET_DATA(thr->heap, f) != NULL);  /* compiled functions must be created 'atomically' */
 	DUK_UNREF(thr);
 
+	/* If function creation fails due to out-of-memory, the data buffer
+	 * pointer may be NULL in some cases.  That's actually possible for
+	 * GC code, but shouldn't be possible here because the incomplete
+	 * function will be unwound from the value stack and never instantiated.
+	 */
+	DUK_ASSERT(DUK_HCOMPFUNC_GET_DATA(thr->heap, f) != NULL);
+
 	tv = DUK_HCOMPFUNC_GET_CONSTS_BASE(thr->heap, f);
 	tv_end = DUK_HCOMPFUNC_GET_CONSTS_END(thr->heap, f);
 	while (tv < tv_end) {
