Large heap collection type hits assertion in Heap::allocationSizeFromSize

third_party/WebKit/Source/platform/heap/Heap.h

Index: third_party/WebKit/Source/platform/heap/Heap.h
diff --git a/third_party/WebKit/Source/platform/heap/Heap.h b/third_party/WebKit/Source/platform/heap/Heap.h
index 7c8fc9daf4eecb91222d253575655732ac9e5eb1..ddd5ae9b56c27123bbae9c56c64d5d367d4a4000 100644
--- a/third_party/WebKit/Source/platform/heap/Heap.h
+++ b/third_party/WebKit/Source/platform/heap/Heap.h
@@ -219,7 +219,7 @@ public:
         // Check the size before computing the actual allocation size.  The
         // allocation size calculation can overflow for large sizes and the check
         // therefore has to happen before any calculation on the size.
-        RELEASE_ASSERT(size < maxHeapObjectSize);

[haraken, 2016/03/31 08:00:41]

Can we remove the maxHeapObjectSize definition?

[keishi, 2016/03/31 08:07:39]

HeapAllocator::quantizedSize is using it.

+        RELEASE_ASSERT(size < std::numeric_limits<size_t>::max() - sizeof(HeapObjectHeader));

[haraken, 2016/03/31 08:00:41]

A better assert would be:

size_t allocationSize = size + sizeof(HeapObjectHeader);
RELEASE_ASSERT(allocationSize > size);

[keishi, 2016/03/31 08:07:39]

Done.

 
         // Add space for header.
         size_t allocationSize = size + sizeof(HeapObjectHeader);