Fix out-of-memory crashes related to ArrayBuffer allocation

third_party/WebKit/Source/modules/encryptedmedia/HTMLMediaElementEncryptedMedia.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "config.h"
 #include "modules/encryptedmedia/HTMLMediaElementEncryptedMedia.h"
 
 #include "bindings/core/v8/ExceptionState.h"
 #include "bindings/core/v8/ScriptPromise.h"
 #include "bindings/core/v8/ScriptPromiseResolver.h"
@@ skipping 341 matching lines @@
 
     // 2. Let promise be a new promise. Remaining steps done in handler.
     return SetMediaKeysHandler::create(scriptState, element, mediaKeys);
 }
 
 // Create a MediaEncryptedEvent for WD EME.
 static PassRefPtrWillBeRawPtr<Event> createEncryptedEvent(WebEncryptedMediaInitDataType initDataType, const unsigned char* initData, unsigned initDataLength)
 {
     MediaEncryptedEventInit initializer;
     initializer.setInitDataType(EncryptedMediaUtils::convertFromInitDataType(initDataType));
-    initializer.setInitData(DOMArrayBuffer::create(initData, initDataLength));
+    // TODO(junov): crbug.com/536816
+    // We should use createOrNull instead of deprecatedCreateOrCrash to
+    // fail gracefully instead of crashing the process when allocation fails.
+    // Need to investigate how this should be handled in the spec.
+    // Would it make sense to throw a RangeError exception from here? Would
+    // it be okay pass a nullptr to setInitData?
+    initializer.setInitData(DOMArrayBuffer::deprecatedCreateOrCrash(initData, initDataLength));
     initializer.setBubbles(false);
     initializer.setCancelable(false);
 
     return MediaEncryptedEvent::create(EventTypeNames::encrypted, initializer);
 }
 
 // Create a 'needkey' MediaKeyEvent for v0.1b EME.
 static PassRefPtrWillBeRawPtr<Event> createWebkitNeedKeyEvent(const unsigned char* initData, unsigned initDataLength)
 {
     MediaKeyEventInit webkitInitializer;
-    webkitInitializer.setInitData(DOMUint8Array::create(initData, initDataLength));
+    // TODO(junov): crbug.com/536816
+    // We should use createOrNull instead of deprecatedCreateOrCrash to
+    // fail gracefully instead of crashing the process when allocation fails.
+    // Need to investigate how this should be handled in the spec.
+    // Would it make sense to throw a RangeError exception from here? Would
+    // it be okay pass a nullptr to setInitData?
+    webkitInitializer.setInitData(DOMUint8Array::createOrNull(initData, initDataLength));
 
     return MediaKeyEvent::create(EventTypeNames::webkitneedkey, webkitInitializer);
 }
 
 void HTMLMediaElementEncryptedMedia::webkitGenerateKeyRequest(HTMLMediaElement& element, const String& keySystem, PassRefPtr<DOMUint8Array> initData, ExceptionState& exceptionState)
 {
     HTMLMediaElementEncryptedMedia::from(element).generateKeyRequest(element.webMediaPlayer(), keySystem, initData, exceptionState);
 }
 
 void HTMLMediaElementEncryptedMedia::generateKeyRequest(WebMediaPlayer* webMediaPlayer, const String& keySystem, PassRefPtr<DOMUint8Array> initData, ExceptionState& exceptionState)
@@ skipping 21 matching lines @@
         initDataPointer = initData->data();
         initDataLength = initData->length();
     }
 
     WebMediaPlayer::MediaKeyException result = webMediaPlayer->generateKeyRequest(keySystem, initDataPointer, initDataLength);
     throwExceptionIfMediaKeyExceptionOccurred(keySystem, String(), result, exceptionState);
 }
 
 void HTMLMediaElementEncryptedMedia::webkitGenerateKeyRequest(HTMLMediaElement& mediaElement, const String& keySystem, ExceptionState& exceptionState)
 {
-    webkitGenerateKeyRequest(mediaElement, keySystem, DOMUint8Array::create(0), exceptionState);
+    RefPtr<DOMUint8Array> emptyArray = DOMUint8Array::deprecatedCreateOrCrash(nullptr, 0);
+    webkitGenerateKeyRequest(mediaElement, keySystem, emptyArray.release(), exceptionState);
 }
 
 void HTMLMediaElementEncryptedMedia::webkitAddKey(HTMLMediaElement& element, const String& keySystem, PassRefPtr<DOMUint8Array> key, PassRefPtr<DOMUint8Array> initData, const String& sessionId, ExceptionState& exceptionState)
 {
     HTMLMediaElementEncryptedMedia::from(element).addKey(element.webMediaPlayer(), keySystem, key, initData, sessionId, exceptionState);
 }
 
 void HTMLMediaElementEncryptedMedia::addKey(WebMediaPlayer* webMediaPlayer, const String& keySystem, PassRefPtr<DOMUint8Array> key, PassRefPtr<DOMUint8Array> initData, const String& sessionId, ExceptionState& exceptionState)
 {
     WTF_LOG(Media, "HTMLMediaElementEncryptedMedia::webkitAddKey");
@@ skipping 29 matching lines @@
         initDataPointer = initData->data();
         initDataLength = initData->length();
     }
 
     WebMediaPlayer::MediaKeyException result = webMediaPlayer->addKey(keySystem, key->data(), key->length(), initDataPointer, initDataLength, sessionId);
     throwExceptionIfMediaKeyExceptionOccurred(keySystem, sessionId, result, exceptionState);
 }
 
 void HTMLMediaElementEncryptedMedia::webkitAddKey(HTMLMediaElement& mediaElement, const String& keySystem, PassRefPtr<DOMUint8Array> key, ExceptionState& exceptionState)
 {
-    webkitAddKey(mediaElement, keySystem, key, DOMUint8Array::create(0), String(), exceptionState);
+    webkitAddKey(mediaElement, keySystem, key, DOMUint8Array::deprecatedCreateOrCrash(nullptr, 0), String(), exceptionState);
 }
 
 void HTMLMediaElementEncryptedMedia::webkitCancelKeyRequest(HTMLMediaElement& element, const String& keySystem, const String& sessionId, ExceptionState& exceptionState)
 {
     HTMLMediaElementEncryptedMedia::from(element).cancelKeyRequest(element.webMediaPlayer(), keySystem, sessionId, exceptionState);
 }
 
 void HTMLMediaElementEncryptedMedia::cancelKeyRequest(WebMediaPlayer* webMediaPlayer, const String& keySystem, const String& sessionId, ExceptionState& exceptionState)
 {
     WTF_LOG(Media, "HTMLMediaElementEncryptedMedia::webkitCancelKeyRequest");
@@ skipping 67 matching lines @@
     m_mediaElement->scheduleEvent(event.release());
 }
 
 void HTMLMediaElementEncryptedMedia::keyMessage(const WebString& keySystem, const WebString& sessionId, const unsigned char* message, unsigned messageLength, const WebURL& defaultURL)
 {
     WTF_LOG(Media, "HTMLMediaElementEncryptedMedia::mediaPlayerKeyMessage: sessionID=%s", sessionId.utf8().data());
 
     MediaKeyEventInit initializer;
     initializer.setKeySystem(keySystem);
     initializer.setSessionId(sessionId);
-    initializer.setMessage(DOMUint8Array::create(message, messageLength));
+    // TODO(junov): crbug.com/536816
+    // Should use createOrNull instead of deprecatedCreateOrCrash.
+    // Need to find an acceptable way to fail gracefully when allocation
+    // fails. Possible solutions: throw a RangeError exception, pass
+    // a null message
+    initializer.setMessage(DOMUint8Array::deprecatedCreateOrCrash(message, messageLength));
     initializer.setDefaultURL(KURL(defaultURL));
 
     RefPtrWillBeRawPtr<Event> event = MediaKeyEvent::create(EventTypeNames::webkitkeymessage, initializer);
     event->setTarget(m_mediaElement);
     m_mediaElement->scheduleEvent(event.release());
 }
 
 void HTMLMediaElementEncryptedMedia::encrypted(WebEncryptedMediaInitDataType initDataType, const unsigned char* initData, unsigned initDataLength)
 {
     WTF_LOG(Media, "HTMLMediaElementEncryptedMedia::encrypted");
 
     if (RuntimeEnabledFeatures::encryptedMediaEnabled()) {
         // Send event for WD EME.
         RefPtrWillBeRawPtr<Event> event;
         if (m_mediaElement->isMediaDataCORSSameOrigin(m_mediaElement->executionContext()->securityOrigin())) {
+            // TODO(junov): crbug.com/536816
+            // This creates an event with no data if the allocation of the array buffer fails.
+            // Should we be aborting when that happens?
             event = createEncryptedEvent(initDataType, initData, initDataLength);
         } else {
             // Current page is not allowed to see content from the media file,
             // so don't return the initData. However, they still get an event.
             event = createEncryptedEvent(WebEncryptedMediaInitDataType::Unknown, nullptr, 0);
         }
 
         event->setTarget(m_mediaElement);
         m_mediaElement->scheduleEvent(event.release());
     }
@@ skipping 47 matching lines @@
 }
 
 DEFINE_TRACE(HTMLMediaElementEncryptedMedia)
 {
     visitor->trace(m_mediaElement);
     visitor->trace(m_mediaKeys);
     WillBeHeapSupplement<HTMLMediaElement>::trace(visitor);
 }
 
 } // namespace blink