| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved. |
| 3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org> | 3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org> |
| 4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org> | 4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org> |
| 5 * Copyright (C) 2008, 2011 Google Inc. All rights reserved. | 5 * Copyright (C) 2008, 2011 Google Inc. All rights reserved. |
| 6 * Copyright (C) 2012 Intel Corporation | 6 * Copyright (C) 2012 Intel Corporation |
| 7 * | 7 * |
| 8 * This library is free software; you can redistribute it and/or | 8 * This library is free software; you can redistribute it and/or |
| 9 * modify it under the terms of the GNU Lesser General Public | 9 * modify it under the terms of the GNU Lesser General Public |
| 10 * License as published by the Free Software Foundation; either | 10 * License as published by the Free Software Foundation; either |
| (...skipping 347 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 358 | 358 |
| 359 DOMArrayBuffer* XMLHttpRequest::responseArrayBuffer() | 359 DOMArrayBuffer* XMLHttpRequest::responseArrayBuffer() |
| 360 { | 360 { |
| 361 ASSERT(m_responseTypeCode == ResponseTypeArrayBuffer); | 361 ASSERT(m_responseTypeCode == ResponseTypeArrayBuffer); |
| 362 | 362 |
| 363 if (m_error || m_state != DONE) | 363 if (m_error || m_state != DONE) |
| 364 return nullptr; | 364 return nullptr; |
| 365 | 365 |
| 366 if (!m_responseArrayBuffer) { | 366 if (!m_responseArrayBuffer) { |
| 367 if (m_binaryResponseBuilder && m_binaryResponseBuilder->size()) { | 367 if (m_binaryResponseBuilder && m_binaryResponseBuilder->size()) { |
| 368 RefPtr<DOMArrayBuffer> buffer = DOMArrayBuffer::createUninitialized(
m_binaryResponseBuilder->size(), 1); | 368 RefPtr<DOMArrayBuffer> buffer = DOMArrayBuffer::createUninitializedO
rNull(m_binaryResponseBuilder->size(), 1); |
| 369 if (!m_binaryResponseBuilder->getAsBytes(buffer->data(), buffer->byt
eLength())) { | 369 if (!buffer || !m_binaryResponseBuilder->getAsBytes(buffer->data(),
buffer->byteLength())) { |
| 370 // m_binaryResponseBuilder failed to allocate an ArrayBuffer. | 370 // m_binaryResponseBuilder failed to allocate an ArrayBuffer. |
| 371 // We need to crash the renderer since there's no way defined in | 371 // We need to crash the renderer since there's no way defined in |
| 372 // the spec to tell this to the user. | 372 // the spec to tell this to the user. |
| 373 CRASH(); | 373 CRASH(); |
| 374 } | 374 } |
| 375 m_responseArrayBuffer = buffer.release(); | 375 m_responseArrayBuffer = buffer.release(); |
| 376 m_binaryResponseBuilder.clear(); | 376 m_binaryResponseBuilder.clear(); |
| 377 } else { | 377 } else { |
| 378 m_responseArrayBuffer = DOMArrayBuffer::create(nullptr, 0); | 378 m_responseArrayBuffer = DOMArrayBuffer::createOrNull(nullptr, 0); |
| 379 RELEASE_ASSERT(m_responseArrayBuffer); // size 0 -> should never fai
l internal buffer alloc |
| 379 } | 380 } |
| 380 } | 381 } |
| 381 | 382 |
| 382 return m_responseArrayBuffer.get(); | 383 return m_responseArrayBuffer.get(); |
| 383 } | 384 } |
| 384 | 385 |
| 385 Stream* XMLHttpRequest::responseLegacyStream() | 386 Stream* XMLHttpRequest::responseLegacyStream() |
| 386 { | 387 { |
| 387 ASSERT(m_responseTypeCode == ResponseTypeLegacyStream); | 388 ASSERT(m_responseTypeCode == ResponseTypeLegacyStream); |
| 388 | 389 |
| (...skipping 1326 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1715 visitor->trace(m_responseDocumentParser); | 1716 visitor->trace(m_responseDocumentParser); |
| 1716 visitor->trace(m_progressEventThrottle); | 1717 visitor->trace(m_progressEventThrottle); |
| 1717 visitor->trace(m_upload); | 1718 visitor->trace(m_upload); |
| 1718 visitor->trace(m_blobLoader); | 1719 visitor->trace(m_blobLoader); |
| 1719 XMLHttpRequestEventTarget::trace(visitor); | 1720 XMLHttpRequestEventTarget::trace(visitor); |
| 1720 DocumentParserClient::trace(visitor); | 1721 DocumentParserClient::trace(visitor); |
| 1721 ActiveDOMObject::trace(visitor); | 1722 ActiveDOMObject::trace(visitor); |
| 1722 } | 1723 } |
| 1723 | 1724 |
| 1724 } // namespace blink | 1725 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1414553002:
Fix out-of-memory crashes related to ArrayBuffer allocation
Base URL: https://chromium.googlesource.com/chromium/src.git@master