From 4798d2c4f3d800d60728d0e25b901d9e32769089 Mon Sep 17 00:00:00 2001
From: "kaznacheev@chromium.org"
 <kaznacheev@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Tue, 6 Jul 2010 13:48:51 +0000
Subject: [PATCH] Fix crash introduced in r5019.

Note to self: never leave uninitialized objects in the code space.

Review URL: http://codereview.chromium.org/2800044

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5029 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/heap.cc | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/heap.cc b/src/heap.cc
index b43d666..1b62589 100644
--- a/src/heap.cc
+++ b/src/heap.cc
@@ -2351,6 +2351,11 @@ Object* Heap::CreateCode(const CodeDesc& desc,
                          ZoneScopeInfo* sinfo,
                          Code::Flags flags,
                          Handle<Object> self_reference) {
+  // Allocate ByteArray before the Code object, so that we do not risk
+  // leaving uninitialized Code object (and breaking the heap).
+  Object* reloc_info = AllocateByteArray(desc.reloc_size, TENURED);
+  if (reloc_info->IsFailure()) return reloc_info;
+
   // Compute size
   int body_size = RoundUp(desc.instr_size, kObjectAlignment);
   int sinfo_size = 0;
@@ -2366,9 +2371,6 @@ Object* Heap::CreateCode(const CodeDesc& desc,
 
   if (result->IsFailure()) return result;
 
-  Object* reloc_info = AllocateByteArray(desc.reloc_size, TENURED);
-  if (reloc_info->IsFailure()) return reloc_info;
-
   // Initialize the object
   HeapObject::cast(result)->set_map(code_map());
   Code* code = Code::cast(result);
@@ -2422,6 +2424,11 @@ Object* Heap::CopyCode(Code* code) {
 
 
 Object* Heap::CopyCode(Code* code, Vector<byte> reloc_info) {
+  // Allocate ByteArray before the Code object, so that we do not risk
+  // leaving uninitialized Code object (and breaking the heap).
+  Object* reloc_info_array = AllocateByteArray(reloc_info.length(), TENURED);
+  if (reloc_info_array->IsFailure()) return reloc_info_array;
+
   int new_body_size = RoundUp(code->instruction_size(), kObjectAlignment);
 
   int sinfo_size = code->sinfo_size();
@@ -2442,9 +2449,6 @@ Object* Heap::CopyCode(Code* code, Vector<byte> reloc_info) {
 
   if (result->IsFailure()) return result;
 
-  Object* reloc_info_array = AllocateByteArray(reloc_info.length(), TENURED);
-  if (reloc_info_array->IsFailure()) return reloc_info_array;
-
   // Copy code object.
   Address new_addr = reinterpret_cast<HeapObject*>(result)->address();
 
-- 
2.7.4