Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(144)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/modules/websockets/DOMWebSocket.cpp

Issue 1414553002: Fix out-of-memory crashes related to ArrayBuffer allocation Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: applied review comments Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« third_party/WebKit/Source/bindings/core/v8/ScriptValueSerializer.cpp ('K') | « third_party/WebKit/Source/modules/webmidi/MIDIOutput.cpp ('k') | third_party/WebKit/Source/modules/websockets/DOMWebSocketTest.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011 Google Inc. All rights reserved. 2 * Copyright (C) 2011 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 413 matching lines...) Expand 10 before | Expand all | Expand 10 after
424 setInvalidStateErrorForSendMethod(exceptionState); 424 setInvalidStateErrorForSendMethod(exceptionState);
425 return; 425 return;
426 } 426 }
427 if (m_state == CLOSING || m_state == CLOSED) { 427 if (m_state == CLOSING || m_state == CLOSED) {
428 updateBufferedAmountAfterClose(arrayBufferView->byteLength()); 428 updateBufferedAmountAfterClose(arrayBufferView->byteLength());
429 return; 429 return;
430 } 430 }
431 Platform::current()->histogramEnumeration("WebCore.WebSocket.SendType", WebS ocketSendTypeArrayBufferView, WebSocketSendTypeMax); 431 Platform::current()->histogramEnumeration("WebCore.WebSocket.SendType", WebS ocketSendTypeArrayBufferView, WebSocketSendTypeMax);
432 ASSERT(m_channel); 432 ASSERT(m_channel);
433 m_bufferedAmount += arrayBufferView->byteLength(); 433 m_bufferedAmount += arrayBufferView->byteLength();
434 m_channel->send(*arrayBufferView->buffer(), arrayBufferView->byteOffset(), a rrayBufferView->byteLength()); 434 RefPtr<DOMArrayBuffer> buffer = arrayBufferView->bufferOrNull();
435 if (!buffer) {
436 exceptionState.throwRangeError("Out of memory.");
437 return;
438 }
439 m_channel->send(*buffer, arrayBufferView->byteOffset(), arrayBufferView->byt eLength());
435 } 440 }
436 441
437 void DOMWebSocket::send(Blob* binaryData, ExceptionState& exceptionState) 442 void DOMWebSocket::send(Blob* binaryData, ExceptionState& exceptionState)
438 { 443 {
439 WTF_LOG(Network, "WebSocket %p send() Sending Blob '%s'", this, binaryData-> uuid().utf8().data()); 444 WTF_LOG(Network, "WebSocket %p send() Sending Blob '%s'", this, binaryData-> uuid().utf8().data());
440 ASSERT(binaryData); 445 ASSERT(binaryData);
441 if (m_state == CONNECTING) { 446 if (m_state == CONNECTING) {
442 setInvalidStateErrorForSendMethod(exceptionState); 447 setInvalidStateErrorForSendMethod(exceptionState);
443 return; 448 return;
444 } 449 }
(...skipping 186 matching lines...) Expand 10 before | Expand all | Expand 10 after
631 binaryData->swap(*rawData->mutableData()); 636 binaryData->swap(*rawData->mutableData());
632 OwnPtr<BlobData> blobData = BlobData::create(); 637 OwnPtr<BlobData> blobData = BlobData::create();
633 blobData->appendData(rawData.release(), 0, BlobDataItem::toEndOfFile); 638 blobData->appendData(rawData.release(), 0, BlobDataItem::toEndOfFile);
634 Blob* blob = Blob::create(BlobDataHandle::create(blobData.release(), siz e)); 639 Blob* blob = Blob::create(BlobDataHandle::create(blobData.release(), siz e));
635 Platform::current()->histogramEnumeration("WebCore.WebSocket.ReceiveType ", WebSocketReceiveTypeBlob, WebSocketReceiveTypeMax); 640 Platform::current()->histogramEnumeration("WebCore.WebSocket.ReceiveType ", WebSocketReceiveTypeBlob, WebSocketReceiveTypeMax);
636 m_eventQueue->dispatch(MessageEvent::create(blob, SecurityOrigin::create (m_url)->toString())); 641 m_eventQueue->dispatch(MessageEvent::create(blob, SecurityOrigin::create (m_url)->toString()));
637 break; 642 break;
638 } 643 }
639 644
640 case BinaryTypeArrayBuffer: 645 case BinaryTypeArrayBuffer:
641 RefPtr<DOMArrayBuffer> arrayBuffer = DOMArrayBuffer::create(binaryData-> data(), binaryData->size()); 646 RefPtr<DOMArrayBuffer> arrayBuffer = DOMArrayBuffer::createOrNull(binary Data->data(), binaryData->size());
642 Platform::current()->histogramEnumeration("WebCore.WebSocket.ReceiveType ", WebSocketReceiveTypeArrayBuffer, WebSocketReceiveTypeMax); 647 Platform::current()->histogramEnumeration("WebCore.WebSocket.ReceiveType ", WebSocketReceiveTypeArrayBuffer, WebSocketReceiveTypeMax);
643 m_eventQueue->dispatch(MessageEvent::create(arrayBuffer.release(), Secur ityOrigin::create(m_url)->toString())); 648 // FIXME: This silently fails if array buffer allocation fails (out of m emory).
649 // Is there something else we'd rather do?
650 if (arrayBuffer) {
651 m_eventQueue->dispatch(MessageEvent::create(arrayBuffer.release(), S ecurityOrigin::create(m_url)->toString()));
652 }
644 break; 653 break;
645 } 654 }
646 } 655 }
647 656
648 void DOMWebSocket::didError() 657 void DOMWebSocket::didError()
649 { 658 {
650 WTF_LOG(Network, "WebSocket %p didError()", this); 659 WTF_LOG(Network, "WebSocket %p didError()", this);
651 m_state = CLOSED; 660 m_state = CLOSED;
652 m_eventQueue->dispatch(Event::create(EventTypeNames::error)); 661 m_eventQueue->dispatch(Event::create(EventTypeNames::error));
653 } 662 }
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after
687 DEFINE_TRACE(DOMWebSocket) 696 DEFINE_TRACE(DOMWebSocket)
688 { 697 {
689 visitor->trace(m_channel); 698 visitor->trace(m_channel);
690 visitor->trace(m_eventQueue); 699 visitor->trace(m_eventQueue);
691 WebSocketChannelClient::trace(visitor); 700 WebSocketChannelClient::trace(visitor);
692 RefCountedGarbageCollectedEventTargetWithInlineData<DOMWebSocket>::trace(vis itor); 701 RefCountedGarbageCollectedEventTargetWithInlineData<DOMWebSocket>::trace(vis itor);
693 ActiveDOMObject::trace(visitor); 702 ActiveDOMObject::trace(visitor);
694 } 703 }
695 704
696 } // namespace blink 705 } // namespace blink
OLDNEW
« third_party/WebKit/Source/bindings/core/v8/ScriptValueSerializer.cpp ('K') | « third_party/WebKit/Source/modules/webmidi/MIDIOutput.cpp ('k') | third_party/WebKit/Source/modules/websockets/DOMWebSocketTest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698