Fix out-of-memory crashes related to ArrayBuffer allocation

third_party/WebKit/Source/modules/webgl/WebGLRenderingContextBase.cpp

 /*
  * Copyright (C) 2009 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 2722 matching lines @@
         return getUnsignedIntParameter(scriptState, pname);
     case GL_BLEND_SRC_RGB:
         return getUnsignedIntParameter(scriptState, pname);
     case GL_BLUE_BITS:
         return getIntParameter(scriptState, pname);
     case GL_COLOR_CLEAR_VALUE:
         return getWebGLFloatArrayParameter(scriptState, pname);
     case GL_COLOR_WRITEMASK:
         return getBooleanArrayParameter(scriptState, pname);
     case GL_COMPRESSED_TEXTURE_FORMATS:
-        return WebGLAny(scriptState, DOMUint32Array::create(m_compressedTextureFormats.data(), m_compressedTextureFormats.size()));
+        return WebGLAny(scriptState, DOMUint32Array::deprecatedCreateOrCrash(m_compressedTextureFormats.data(), m_compressedTextureFormats.size()));
     case GL_CULL_FACE:
         return getBooleanParameter(scriptState, pname);
     case GL_CULL_FACE_MODE:
         return getUnsignedIntParameter(scriptState, pname);
     case GL_CURRENT_PROGRAM:
         return WebGLAny(scriptState, m_currentProgram.get());
     case GL_DEPTH_BITS:
         if (!m_framebufferBinding && !m_requestedAttributes.depth())
             return WebGLAny(scriptState, intZero);
         return getIntParameter(scriptState, pname);
@@ skipping 566 matching lines @@
                         synthesizeGLError(GL_INVALID_VALUE, "getUniform", "unhandled type");
                         return ScriptValue::createNull(scriptState);
                     }
                 }
                 switch (baseType) {
                 case GL_FLOAT: {
                     GLfloat value[16] = {0};
                     webContext()->getUniformfv(objectOrZero(program), location, value);
                     if (length == 1)
                         return WebGLAny(scriptState, value[0]);
-                    return WebGLAny(scriptState, DOMFloat32Array::create(value, length));
+                    return WebGLAny(scriptState, DOMFloat32Array::deprecatedCreateOrCrash(value, length));
                 }
                 case GL_INT: {
                     GLint value[4] = {0};
                     webContext()->getUniformiv(objectOrZero(program), location, value);
                     if (length == 1)
                         return WebGLAny(scriptState, value[0]);
-                    return WebGLAny(scriptState, DOMInt32Array::create(value, length));
+                    return WebGLAny(scriptState, DOMInt32Array::deprecatedCreateOrCrash(value, length));
                 }
                 case GL_UNSIGNED_INT: {
                     GLuint value[4] = {0};
                     webContext()->getUniformuiv(objectOrZero(program), location, value);
                     if (length == 1)
                         return WebGLAny(scriptState, value[0]);
-                    return WebGLAny(scriptState, DOMUint32Array::create(value, length));
+                    return WebGLAny(scriptState, DOMUint32Array::deprecatedCreateOrCrash(value, length));
                 }
                 case GL_BOOL: {
                     GLint value[4] = {0};
                     webContext()->getUniformiv(objectOrZero(program), location, value);
                     if (length > 1) {
                         bool boolValue[16] = {0};
                         for (unsigned j = 0; j < length; j++)
                             boolValue[j] = static_cast<bool>(value[j]);
                         return WebGLAny(scriptState, boolValue, length);
                     }
@@ skipping 57 matching lines @@
         return WebGLAny(scriptState, state->size);
     case GL_VERTEX_ATTRIB_ARRAY_STRIDE:
         return WebGLAny(scriptState, state->originalStride);
     case GL_VERTEX_ATTRIB_ARRAY_TYPE:
         return WebGLAny(scriptState, state->type);
     case GL_CURRENT_VERTEX_ATTRIB:
         {
             VertexAttribValue& attribValue = m_vertexAttribValue[index];
             switch (attribValue.type) {
             case Float32ArrayType:
-                return WebGLAny(scriptState, DOMFloat32Array::create(attribValue.value.floatValue, 4));
+                return WebGLAny(scriptState, DOMFloat32Array::deprecatedCreateOrCrash(attribValue.value.floatValue, 4));
             case Int32ArrayType:
-                return WebGLAny(scriptState, DOMInt32Array::create(attribValue.value.intValue, 4));
+                return WebGLAny(scriptState, DOMInt32Array::deprecatedCreateOrCrash(attribValue.value.intValue, 4));
             case Uint32ArrayType:
-                return WebGLAny(scriptState, DOMUint32Array::create(attribValue.value.uintValue, 4));
+                return WebGLAny(scriptState, DOMUint32Array::deprecatedCreateOrCrash(attribValue.value.uintValue, 4));
             default:
                 ASSERT_NOT_REACHED();
                 break;
             }
             return ScriptValue::createNull(scriptState);
         }
     case GL_VERTEX_ATTRIB_ARRAY_INTEGER:
         if (isWebGL2OrHigher()) {
             GLint value = 0;
             webContext()->getVertexAttribiv(index, pname, &value);
@@ skipping 1840 matching lines @@
     case GL_DEPTH_RANGE:
         length = 2;
         break;
     case GL_BLEND_COLOR:
     case GL_COLOR_CLEAR_VALUE:
         length = 4;
         break;
     default:
         notImplemented();
     }
-    return WebGLAny(scriptState, DOMFloat32Array::create(value, length));
+    return WebGLAny(scriptState, DOMFloat32Array::deprecatedCreateOrCrash(value, length));
 }
 
 ScriptValue WebGLRenderingContextBase::getWebGLIntArrayParameter(ScriptState* scriptState, GLenum pname)
 {
     GLint value[4] = {0};
     if (!isContextLost())
         webContext()->getIntegerv(pname, value);
     unsigned length = 0;
     switch (pname) {
     case GL_MAX_VIEWPORT_DIMS:
         length = 2;
         break;
     case GL_SCISSOR_BOX:
     case GL_VIEWPORT:
         length = 4;
         break;
     default:
         notImplemented();
     }
-    return WebGLAny(scriptState, DOMInt32Array::create(value, length));
+    return WebGLAny(scriptState, DOMInt32Array::deprecatedCreateOrCrash(value, length));
 }
 
 void WebGLRenderingContextBase::handleTextureCompleteness(const char* functionName, bool prepareToDraw)
 {
     // All calling functions check isContextLost, so a duplicate check is not needed here.
     bool resetActiveUnit = false;
     WebGLTexture::TextureExtensionFlag flag = static_cast<WebGLTexture::TextureExtensionFlag>((extensionEnabled(OESTextureFloatLinearName) ? WebGLTexture::TextureFloatLinearExtensionEnabled : 0)
         | ((extensionEnabled(OESTextureHalfFloatLinearName) || isWebGL2OrHigher()) ? WebGLTexture::TextureHalfFloatLinearExtensionEnabled : 0));
     for (unsigned ii = 0; ii < m_onePlusMaxNonDefaultTextureUnit; ++ii) {
         if ((m_textureUnits[ii].m_texture2DBinding.get() && m_textureUnits[ii].m_texture2DBinding->needToUseBlackTexture(flag))
@@ skipping 1514 matching lines @@
 
     return totalBytesPerPixel;
 }
 
 DrawingBuffer* WebGLRenderingContextBase::drawingBuffer() const
 {
     return m_drawingBuffer.get();
 }
 
 } // namespace blink