heap: Fix accounting when returning linear allocation area

Bug: 948807 Change-Id: I65133443b258ba4125d664df08383e3bf395abe8 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1635524Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#664752}

heap: Fix accounting when returning linear allocation area
Bug: 948807 Change-Id: I65133443b258ba4125d664df08383e3bf395abe8 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1635524Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#664752}
0ab5d97d · Michael Lippautz · Commit Bot · e9e7baf1 · 0ab5d97d · 0ab5d97d
Commit 0ab5d97d authored May 30, 2019 by Michael Lippautz Committed by Commit Bot May 30, 2019
2 changed files
--- a/third_party/blink/renderer/platform/heap/heap_page.cc
+++ b/third_party/blink/renderer/platform/heap/heap_page.cc
@@ -805,7 +805,8 @@ void NormalPageArena::SetAllocationPoint(Address point, size_t size) {
  // Free and clear the old linear allocation area.
  if (HasCurrentAllocationArea()) {
    AddToFreeList(CurrentAllocationPoint(), RemainingAllocationSize());
-    SetRemainingAllocationSize(0);
+    GetThreadState()->Heap().DecreaseAllocatedObjectSize(
+        RemainingAllocationSize());
  }
  // Set up a new linear allocation area.
  current_allocation_point_ = point;

--- a/third_party/blink/renderer/platform/heap/heap_page.h
+++ b/third_party/blink/renderer/platform/heap/heap_page.h
@@ -884,6 +884,8 @@ class PLATFORM_EXPORT NormalPageArena final : public BaseArena {
  }
  void SetAllocationPoint(Address, size_t);
+  // Only use when adjusting the area from allocation and free and not when
+  // returning it to free list.
  void SetRemainingAllocationSize(size_t);
  FreeList free_list_;