
Side by Side Diff: third_party/WebKit/Source/modules/encryptedmedia/MediaKeySession.cpp

Issue 1414553002: Fix out-of-memory crashes related to ArrayBuffer allocation Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 2 months ago
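--- a/third_party/WebKit/Source/modules/encryptedmedia/MediaKeySession.cpp
+++ b/third_party/WebKit/Source/modules/encryptedmedia/MediaKeySession.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2013 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
@@ -427,21 +427,24 @@
 // (blink side doesn't know what the CDM supports, so the proper check
 // will be done on the Chromium side. However, we can verify that
 // |initDataType| is one of the registered values.)
 WebEncryptedMediaInitDataType initDataType = EncryptedMediaUtils::convertToI nitDataType(initDataTypeString);
 if (initDataType == WebEncryptedMediaInitDataType::Unknown) {
 return ScriptPromise::rejectWithDOMException(
 scriptState, DOMException::create(NotSupportedError, "The initializa tion data type '" + initDataTypeString + "' is not supported."));
 }
 
 // 6. Let init data be a copy of the contents of the initData parameter.
-RefPtr<DOMArrayBuffer> initDataBuffer = DOMArrayBuffer::create(initData.data (), initData.byteLength());
+RefPtr<DOMArrayBuffer> initDataBuffer = DOMArrayBuffer::createOrNull(initDat a.data(), initData.byteLength());
+if (!initDataBuffer) {
+
+}
 
 // 7. Let session type be this object's session type.
 // (Done in constructor.)
 
 // 8. Let promise be a new promise.
 NewSessionResultPromise* result = new NewSessionResultPromise(scriptState, t his);
 ScriptPromise promise = result->promise();
 
 // 9. Run the following steps asynchronously (documented in
 // actionTimerFired())
@@ -522,21 +525,25 @@
 return CreateRejectedPromiseNotCallable(scriptState);
 
 // 2. If response is an empty array, return a promise rejected with a
 // new DOMException whose name is InvalidAccessError.
 if (!response.byteLength()) {
 return ScriptPromise::rejectWithDOMException(
 scriptState, DOMException::create(InvalidAccessError, "The response parameter is empty."));
 }
 
 // 3. Let response copy be a copy of the contents of the response parameter.
-RefPtr<DOMArrayBuffer> responseCopy = DOMArrayBuffer::create(response.data() , response.byteLength());
+RefPtr<DOMArrayBuffer> responseCopy = DOMArrayBuffer::createOrNull(response. data(), response.byteLength());
+if (!responseCopy) {
+return ScriptPromise::rejectWithDOMException(
+scriptState, DOMException::create(V8RangeError, "Out of Memory."));
+}
 
 // 4. Let promise be a new promise.
 SimpleContentDecryptionModuleResultPromise* result = new SimpleContentDecryp tionModuleResultPromise(scriptState);
 ScriptPromise promise = result->promise();
 
 // 5. Run the following steps asynchronously (documented in
 // actionTimerFired())
 m_pendingActions.append(PendingAction::CreatePendingUpdate(result, responseC opy.release()));
 if (!m_actionTimer.isActive())
 m_actionTimer.startOneShot(0, FROM_HERE);
@@ -793,21 +800,21 @@
 case WebContentDecryptionModuleSession::Client::MessageType::LicenseRequest:
 init.setMessageType("license-request");
 break;
 case WebContentDecryptionModuleSession::Client::MessageType::LicenseRenewal:
 init.setMessageType("license-renewal");
 break;
 case WebContentDecryptionModuleSession::Client::MessageType::LicenseRelease:
 init.setMessageType("license-release");
 break;
 }
-init.setMessage(DOMArrayBuffer::create(static_cast<const void*>(message), me ssageLength));
+init.setMessage(DOMArrayBuffer::deprecatedCreateOrCrash(static_cast<const vo id*>(message), messageLength));
 
 RefPtrWillBeRawPtr<MediaKeyMessageEvent> event = MediaKeyMessageEvent::creat e(EventTypeNames::message, init);
 event->setTarget(this);
 m_asyncEventQueue->enqueueEvent(event.release());
 }
 
 void MediaKeySession::close()
 {
 WTF_LOG(Media, "MediaKeySession(%p)::close", this);
 
@@ -925,10 +932,10 @@
 visitor->trace(m_asyncEventQueue);
 visitor->trace(m_pendingActions);
 visitor->trace(m_mediaKeys);
 visitor->trace(m_keyStatusesMap);
 visitor->trace(m_closedPromise);
 RefCountedGarbageCollectedEventTargetWithInlineData<MediaKeySession>::trace( visitor);
 ActiveDOMObject::trace(visitor);
 }
 
 } // namespace blink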
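Review bot: The null check added on `initDataBuffer` (new lines 438–440, step 6) has an empty body, so a failed `DOMArrayBuffer::createOrNull` is detected and then ignored, and the null buffer carries on into the rest of the function, whose remainder lies in the skipped lines. Per the step 6 comment the buffer is a copy of the `initData` parameter, so its size is whatever the caller supplies, and this is the path the change is meant to make fail cleanly. It should reject the same way the `responseCopy` check does at new lines 536–539: `if (!initDataBuffer) return ScriptPromise::rejectWithDOMException(scriptState, DOMException::create(V8RangeError, "Out of Memory."));`. Separately, both rejections pass `V8RangeError` to `DOMException::create`; whether that factory accepts a V8 error code cannot be seen from these lines and is worth confirming before landing.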