| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2010 Google Inc. All rights reserved. | 2 * Copyright (C) 2010 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 118 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 129 } else { | 129 } else { |
| 130 Vector<v8::Local<v8::ArrayBuffer>, 4> bufferHandles; | 130 Vector<v8::Local<v8::ArrayBuffer>, 4> bufferHandles; |
| 131 v8::HandleScope handleScope(isolate); | 131 v8::HandleScope handleScope(isolate); |
| 132 acculumateArrayBuffersForAllWorlds(isolate, static_pointer_cast<DOMA
rrayBuffer>(arrayBuffers[i]).get(), bufferHandles); | 132 acculumateArrayBuffersForAllWorlds(isolate, static_pointer_cast<DOMA
rrayBuffer>(arrayBuffers[i]).get(), bufferHandles); |
| 133 bool isNeuterable = true; | 133 bool isNeuterable = true; |
| 134 for (size_t j = 0; j < bufferHandles.size(); j++) | 134 for (size_t j = 0; j < bufferHandles.size(); j++) |
| 135 isNeuterable &= bufferHandles[j]->IsNeuterable(); | 135 isNeuterable &= bufferHandles[j]->IsNeuterable(); |
| 136 | 136 |
| 137 RefPtr<DOMArrayBufferBase> toTransfer = arrayBuffers[i]; | 137 RefPtr<DOMArrayBufferBase> toTransfer = arrayBuffers[i]; |
| 138 if (!isNeuterable) | 138 if (!isNeuterable) |
| 139 toTransfer = DOMArrayBuffer::create(arrayBuffers[i]->buffer()); | 139 toTransfer = DOMArrayBuffer::createOrNull(arrayBuffers[i]->buffe
r()); |
| 140 bool result = toTransfer->transfer(contents->at(i)); | 140 bool result = toTransfer ? toTransfer->transfer(contents->at(i)) : f
alse; |
| 141 if (!result) { | 141 if (!result) { |
| 142 exceptionState.throwDOMException(DataCloneError, "ArrayBuffer at
index " + String::number(i) + " could not be transferred."); | 142 exceptionState.throwDOMException(DataCloneError, "ArrayBuffer at
index " + String::number(i) + " could not be transferred."); |
| 143 return nullptr; | 143 return nullptr; |
| 144 } | 144 } |
| 145 | 145 |
| 146 if (isNeuterable) | 146 if (isNeuterable) |
| 147 for (size_t j = 0; j < bufferHandles.size(); j++) | 147 for (size_t j = 0; j < bufferHandles.size(); j++) |
| 148 bufferHandles[j]->Neuter(); | 148 bufferHandles[j]->Neuter(); |
| 149 } | 149 } |
| 150 | 150 |
| (...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 253 v8::Isolate::GetCurrent()->AdjustAmountOfExternalAllocatedMemory(-m_exte
rnallyAllocatedMemory); | 253 v8::Isolate::GetCurrent()->AdjustAmountOfExternalAllocatedMemory(-m_exte
rnallyAllocatedMemory); |
| 254 } | 254 } |
| 255 } | 255 } |
| 256 | 256 |
| 257 void SerializedScriptValue::transferArrayBuffers(v8::Isolate* isolate, ArrayBuff
erArray& arrayBuffers, ExceptionState& exceptionState) | 257 void SerializedScriptValue::transferArrayBuffers(v8::Isolate* isolate, ArrayBuff
erArray& arrayBuffers, ExceptionState& exceptionState) |
| 258 { | 258 { |
| 259 m_arrayBufferContentsArray = createArrayBuffers(isolate, arrayBuffers, excep
tionState); | 259 m_arrayBufferContentsArray = createArrayBuffers(isolate, arrayBuffers, excep
tionState); |
| 260 } | 260 } |
| 261 | 261 |
| 262 } // namespace blink | 262 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1414553002:
Fix out-of-memory crashes related to ArrayBuffer allocation
Base URL: https://chromium.googlesource.com/chromium/src.git@master