Fix out-of-memory crashes related to ArrayBuffer allocation

third_party/WebKit/Source/modules/presentation/PresentationConnection.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "config.h"
 #include "modules/presentation/PresentationConnection.h"
 
 #include "bindings/core/v8/ScriptPromiseResolver.h"
 #include "core/dom/DOMArrayBuffer.h"
 #include "core/dom/DOMArrayBufferView.h"
@@ skipping 62 matching lines @@
     {
         m_loader.start(m_PresentationConnection->executionContext(), blobDataHandle);
     }
     ~BlobLoader() override { }
 
     // FileReaderLoaderClient functions.
     void didStartLoading() override { }
     void didReceiveData() override { }
     void didFinishLoading() override
     {
-        m_PresentationConnection->didFinishLoadingBlob(m_loader.arrayBufferResult());
+        m_PresentationConnection->didFinishLoadingBlob(m_loader.arrayBufferResultOrNull());
     }
     void didFail(FileError::ErrorCode errorCode) override
     {
         m_PresentationConnection->didFailLoadingBlob(errorCode);
     }
 
     void cancel()
     {
         m_loader.cancel();
     }
@@ skipping 106 matching lines @@
     m_messages.append(adoptPtr(new Message(arrayBuffer)));
     handleMessageQueue();
 }
 
 void PresentationConnection::send(PassRefPtr<DOMArrayBufferView> arrayBufferView, ExceptionState& exceptionState)
 {
     ASSERT(arrayBufferView);
     if (!canSendMessage(exceptionState))
         return;
 
-    m_messages.append(adoptPtr(new Message(arrayBufferView->buffer())));
+    RefPtr<DOMArrayBuffer> buffer = arrayBufferView->buffer();
+    m_messages.append(adoptPtr(new Message(buffer)));
     handleMessageQueue();
 }
 
 void PresentationConnection::send(Blob* data, ExceptionState& exceptionState)
 {
     ASSERT(data);
     if (!canSendMessage(exceptionState))
         return;
 
     m_messages.append(adoptPtr(new Message(data->blobDataHandle())));
@@ skipping 76 matching lines @@
 
     switch (m_binaryType) {
     case BinaryTypeBlob: {
         OwnPtr<BlobData> blobData = BlobData::create();
         blobData->appendBytes(data, length);
         Blob* blob = Blob::create(BlobDataHandle::create(blobData.release(), length));
         dispatchEvent(MessageEvent::create(blob));
         return;
     }
     case BinaryTypeArrayBuffer:
-        RefPtr<DOMArrayBuffer> buffer = DOMArrayBuffer::create(data, length);
+        // TODO(junov): crbug.com/536816
+        // Use createOrNull instead of deprecatedCReateOrCrash. Requires
+        // determining an acceptable alternative to crashing when buffer
+        // allocation fails. Should we just drop the event? Dispatch
+        // an event with null data? Dispatch some kind of error code?
+        // Behavior needs to be defined in the spec.
+        RefPtr<DOMArrayBuffer> buffer = DOMArrayBuffer::deprecatedCreateOrCrash(data, length);
         dispatchEvent(MessageEvent::create(buffer.release()));
         return;
     }
     ASSERT_NOT_REACHED();
 }
 
 void PresentationConnection::close()
 {
     if (m_state != WebPresentationConnectionState::Connected)
         return;
@@ skipping 44 matching lines @@
 {
     ASSERT(!m_messages.isEmpty() && m_messages.first()->type == MessageTypeBlob);
     // FIXME: generate error message?
     // Ignore the current failed blob item and continue with next items.
     m_messages.removeFirst();
     m_blobLoader.clear();
     handleMessageQueue();
 }
 
 } // namespace blink