Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(163)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/dom/DOMDataView.cpp

Issue 1414553002: Fix out-of-memory crashes related to ArrayBuffer allocation Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« third_party/WebKit/Source/core/dom/DOMArrayBuffer.h ('K') | « third_party/WebKit/Source/core/dom/DOMArrayBufferView.h ('k') | third_party/WebKit/Source/core/dom/DOMMatrixReadOnly.h » ('j') | third_party/WebKit/Source/core/dom/DOMTypedArray.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "config.h" 5 #include "config.h"
6 #include "core/dom/DOMDataView.h" 6 #include "core/dom/DOMDataView.h"
7 7
8 #include "bindings/core/v8/DOMDataStore.h" 8 #include "bindings/core/v8/DOMDataStore.h"
9 #include "bindings/core/v8/V8ArrayBuffer.h" 9 #include "bindings/core/v8/V8ArrayBuffer.h"
10 #include "platform/CheckedInt.h" 10 #include "platform/CheckedInt.h"
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
57 v8::Local<v8::Object> DOMDataView::wrap(v8::Isolate* isolate, v8::Local<v8::Obje ct> creationContext) 57 v8::Local<v8::Object> DOMDataView::wrap(v8::Isolate* isolate, v8::Local<v8::Obje ct> creationContext)
58 { 58 {
59 // It's possible that no one except for the new wrapper owns this object at 59 // It's possible that no one except for the new wrapper owns this object at
60 // this moment, so we have to prevent GC to collect this object until the 60 // this moment, so we have to prevent GC to collect this object until the
61 // object gets associated with the wrapper. 61 // object gets associated with the wrapper.
62 RefPtr<DOMDataView> protect(this); 62 RefPtr<DOMDataView> protect(this);
63 63
64 ASSERT(!DOMDataStore::containsWrapper(this, isolate)); 64 ASSERT(!DOMDataStore::containsWrapper(this, isolate));
65 65
66 const WrapperTypeInfo* wrapperTypeInfo = this->wrapperTypeInfo(); 66 const WrapperTypeInfo* wrapperTypeInfo = this->wrapperTypeInfo();
67 v8::Local<v8::Value> v8Buffer = toV8(buffer(), creationContext, isolate); 67 v8::Local<v8::Value> v8Buffer = toV8(bufferOrNull(), creationContext, isolat e);
68 if (v8Buffer.IsEmpty()) 68 if (v8Buffer.IsEmpty())
69 return v8::Local<v8::Object>(); 69 return v8::Local<v8::Object>();
70 ASSERT(v8Buffer->IsArrayBuffer()); 70 ASSERT(v8Buffer->IsArrayBuffer());
71 71
72 v8::Local<v8::Object> wrapper = v8::DataView::New(v8Buffer.As<v8::ArrayBuffe r>(), byteOffset(), byteLength()); 72 v8::Local<v8::Object> wrapper = v8::DataView::New(v8Buffer.As<v8::ArrayBuffe r>(), byteOffset(), byteLength());
73 73
74 return associateWithWrapper(isolate, wrapperTypeInfo, wrapper); 74 return associateWithWrapper(isolate, wrapperTypeInfo, wrapper);
75 } 75 }
76 76
77 } // namespace blink 77 } // namespace blink
OLDNEW
« third_party/WebKit/Source/core/dom/DOMArrayBuffer.h ('K') | « third_party/WebKit/Source/core/dom/DOMArrayBufferView.h ('k') | third_party/WebKit/Source/core/dom/DOMMatrixReadOnly.h » ('j') | third_party/WebKit/Source/core/dom/DOMTypedArray.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698