Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(142)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/dom/DOMTypedArray.cpp

Issue 1414553002: Fix out-of-memory crashes related to ArrayBuffer allocation Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« third_party/WebKit/Source/core/dom/DOMTypedArray.h ('K') | « third_party/WebKit/Source/core/dom/DOMTypedArray.h ('k') | third_party/WebKit/Source/core/fileapi/FileReaderLoader.cpp » ('j') | third_party/WebKit/Source/wtf/ArrayBufferBuilder.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "config.h" 5 #include "config.h"
6 #include "core/dom/DOMTypedArray.h" 6 #include "core/dom/DOMTypedArray.h"
7 7
8 #include "bindings/core/v8/DOMDataStore.h" 8 #include "bindings/core/v8/DOMDataStore.h"
9 #include "bindings/core/v8/V8ArrayBuffer.h" 9 #include "bindings/core/v8/V8ArrayBuffer.h"
10 #include "bindings/core/v8/V8Float32Array.h" 10 #include "bindings/core/v8/V8Float32Array.h"
(...skipping 12 matching lines...) Expand all
23 v8::Local<v8::Object> DOMTypedArray<WTFTypedArray, V8TypedArray>::wrap(v8::Isola te* isolate, v8::Local<v8::Object> creationContext) 23 v8::Local<v8::Object> DOMTypedArray<WTFTypedArray, V8TypedArray>::wrap(v8::Isola te* isolate, v8::Local<v8::Object> creationContext)
24 { 24 {
25 // It's possible that no one except for the new wrapper owns this object at 25 // It's possible that no one except for the new wrapper owns this object at
26 // this moment, so we have to prevent GC to collect this object until the 26 // this moment, so we have to prevent GC to collect this object until the
27 // object gets associated with the wrapper. 27 // object gets associated with the wrapper.
28 RefPtr<ThisType> protect(this); 28 RefPtr<ThisType> protect(this);
29 29
30 ASSERT(!DOMDataStore::containsWrapper(this, isolate)); 30 ASSERT(!DOMDataStore::containsWrapper(this, isolate));
31 31
32 const WrapperTypeInfo* wrapperTypeInfo = this->wrapperTypeInfo(); 32 const WrapperTypeInfo* wrapperTypeInfo = this->wrapperTypeInfo();
33 RefPtr<DOMArrayBufferBase> buffer = this->bufferBase(); 33 RefPtr<DOMArrayBufferBase> buffer = this->bufferBaseOrNull();
34 v8::Local<v8::Value> v8Buffer = toV8(buffer.get(), creationContext, isolate) ; 34 v8::Local<v8::Value> v8Buffer = toV8(buffer.get(), creationContext, isolate) ;
35 if (v8Buffer.IsEmpty()) 35 if (v8Buffer.IsEmpty())
36 return v8::Local<v8::Object>(); 36 return v8::Local<v8::Object>();
37 ASSERT(isShared() == v8Buffer->IsSharedArrayBuffer()); 37 ASSERT(isShared() == v8Buffer->IsSharedArrayBuffer());
38 38
39 v8::Local<v8::Object> wrapper; 39 v8::Local<v8::Object> wrapper;
40 if (isShared()) { 40 if (isShared()) {
41 wrapper = V8TypedArray::New(v8Buffer.As<v8::SharedArrayBuffer>(), byteOf fset(), length()); 41 wrapper = V8TypedArray::New(v8Buffer.As<v8::SharedArrayBuffer>(), byteOf fset(), length());
42 } else { 42 } else {
43 wrapper = V8TypedArray::New(v8Buffer.As<v8::ArrayBuffer>(), byteOffset() , length()); 43 wrapper = V8TypedArray::New(v8Buffer.As<v8::ArrayBuffer>(), byteOffset() , length());
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after
76 template class CORE_TEMPLATE_EXPORT DOMTypedArray<WTF::Int16Array, v8::Int16Arra y>; 76 template class CORE_TEMPLATE_EXPORT DOMTypedArray<WTF::Int16Array, v8::Int16Arra y>;
77 template class CORE_TEMPLATE_EXPORT DOMTypedArray<WTF::Int32Array, v8::Int32Arra y>; 77 template class CORE_TEMPLATE_EXPORT DOMTypedArray<WTF::Int32Array, v8::Int32Arra y>;
78 template class CORE_TEMPLATE_EXPORT DOMTypedArray<WTF::Uint8Array, v8::Uint8Arra y>; 78 template class CORE_TEMPLATE_EXPORT DOMTypedArray<WTF::Uint8Array, v8::Uint8Arra y>;
79 template class CORE_TEMPLATE_EXPORT DOMTypedArray<WTF::Uint8ClampedArray, v8::Ui nt8ClampedArray>; 79 template class CORE_TEMPLATE_EXPORT DOMTypedArray<WTF::Uint8ClampedArray, v8::Ui nt8ClampedArray>;
80 template class CORE_TEMPLATE_EXPORT DOMTypedArray<WTF::Uint16Array, v8::Uint16Ar ray>; 80 template class CORE_TEMPLATE_EXPORT DOMTypedArray<WTF::Uint16Array, v8::Uint16Ar ray>;
81 template class CORE_TEMPLATE_EXPORT DOMTypedArray<WTF::Uint32Array, v8::Uint32Ar ray>; 81 template class CORE_TEMPLATE_EXPORT DOMTypedArray<WTF::Uint32Array, v8::Uint32Ar ray>;
82 template class CORE_TEMPLATE_EXPORT DOMTypedArray<WTF::Float32Array, v8::Float32 Array>; 82 template class CORE_TEMPLATE_EXPORT DOMTypedArray<WTF::Float32Array, v8::Float32 Array>;
83 template class CORE_TEMPLATE_EXPORT DOMTypedArray<WTF::Float64Array, v8::Float64 Array>; 83 template class CORE_TEMPLATE_EXPORT DOMTypedArray<WTF::Float64Array, v8::Float64 Array>;
84 84
85 } // namespace blink 85 } // namespace blink
OLDNEW
« third_party/WebKit/Source/core/dom/DOMTypedArray.h ('K') | « third_party/WebKit/Source/core/dom/DOMTypedArray.h ('k') | third_party/WebKit/Source/core/fileapi/FileReaderLoader.cpp » ('j') | third_party/WebKit/Source/wtf/ArrayBufferBuilder.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698