Fix out-of-memory crashes related to ArrayBuffer allocation

third_party/WebKit/Source/modules/encryptedmedia/MediaKeySession.cpp

 /*
  * Copyright (C) 2013 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 416 matching lines @@
     //    (blink side doesn't know what the CDM supports, so the proper check
     //     will be done on the Chromium side. However, we can verify that
     //     |initDataType| is one of the registered values.)
     WebEncryptedMediaInitDataType initDataType = EncryptedMediaUtils::convertToInitDataType(initDataTypeString);
     if (initDataType == WebEncryptedMediaInitDataType::Unknown) {
         return ScriptPromise::rejectWithDOMException(
             scriptState, DOMException::create(NotSupportedError, "The initialization data type '" + initDataTypeString + "' is not supported."));
     }
 
     // 6. Let init data be a copy of the contents of the initData parameter.
-    RefPtr<DOMArrayBuffer> initDataBuffer = DOMArrayBuffer::create(initData.data(), initData.byteLength());
+    //    TODO(junov): crbug.com/536816
+    //    Use createOrNull instead of deprecatedCreateOrCrash. It would probably
+    //    be appropriate to reject the promise with a RangeError exception when
+    //    array buffer allocation fails, but that behavior probably needs
+    //    clarification in the spec.
+    RefPtr<DOMArrayBuffer> initDataBuffer = DOMArrayBuffer::deprecatedCreateOrCrash(initData.data(), initData.byteLength());
 
     // 7. Let session type be this object's session type.
     //    (Done in constructor.)
 
     // 8. Let promise be a new promise.
     NewSessionResultPromise* result = new NewSessionResultPromise(scriptState, this);
     ScriptPromise promise = result->promise();
 
     // 9. Run the following steps asynchronously (documented in
     //    actionTimerFired())
@@ skipping 74 matching lines @@
         return CreateRejectedPromiseNotCallable(scriptState);
 
     // 2. If response is an empty array, return a promise rejected with a
     //    new DOMException whose name is InvalidAccessError.
     if (!response.byteLength()) {
         return ScriptPromise::rejectWithDOMException(
             scriptState, DOMException::create(InvalidAccessError, "The response parameter is empty."));
     }
 
     // 3. Let response copy be a copy of the contents of the response parameter.
-    RefPtr<DOMArrayBuffer> responseCopy = DOMArrayBuffer::create(response.data(), response.byteLength());
+    //    TODO(junov): crbug.com/536816
+    //    Use createOrNull instead of deprecatedCreateOrCrash. It would probably
+    //    be appropriate to reject the promise with a RangeError exception when
+    //    array buffer allocation fails, but that behavior probably needs
+    //    clarification in the spec.
+    RefPtr<DOMArrayBuffer> responseCopy = DOMArrayBuffer::deprecatedCreateOrCrash(response.data(), response.byteLength());
 
     // 4. Let promise be a new promise.
     SimpleContentDecryptionModuleResultPromise* result = new SimpleContentDecryptionModuleResultPromise(scriptState);
     ScriptPromise promise = result->promise();
 
     // 5. Run the following steps asynchronously (documented in
     //    actionTimerFired())
     m_pendingActions.append(PendingAction::CreatePendingUpdate(result, responseCopy.release()));
     if (!m_actionTimer.isActive())
         m_actionTimer.startOneShot(0, BLINK_FROM_HERE);
@@ skipping 250 matching lines @@
     case WebContentDecryptionModuleSession::Client::MessageType::LicenseRequest:
         init.setMessageType("license-request");
         break;
     case WebContentDecryptionModuleSession::Client::MessageType::LicenseRenewal:
         init.setMessageType("license-renewal");
         break;
     case WebContentDecryptionModuleSession::Client::MessageType::LicenseRelease:
         init.setMessageType("license-release");
         break;
     }
-    init.setMessage(DOMArrayBuffer::create(static_cast<const void*>(message), messageLength));
+    init.setMessage(DOMArrayBuffer::deprecatedCreateOrCrash(static_cast<const void*>(message), messageLength));
 
     RefPtrWillBeRawPtr<MediaKeyMessageEvent> event = MediaKeyMessageEvent::create(EventTypeNames::message, init);
     event->setTarget(this);
     m_asyncEventQueue->enqueueEvent(event.release());
 }
 
 void MediaKeySession::close()
 {
     WTF_LOG(Media, "MediaKeySession(%p)::close", this);
 
@@ skipping 111 matching lines @@
     visitor->trace(m_asyncEventQueue);
     visitor->trace(m_pendingActions);
     visitor->trace(m_mediaKeys);
     visitor->trace(m_keyStatusesMap);
     visitor->trace(m_closedPromise);
     RefCountedGarbageCollectedEventTargetWithInlineData<MediaKeySession>::trace(visitor);
     ActiveDOMObject::trace(visitor);
 }
 
 } // namespace blink