| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2010 Google Inc. All rights reserved. | 2 * Copyright (C) 2010 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 152 } | 152 } |
| 153 } else { | 153 } else { |
| 154 Vector<v8::Local<v8::ArrayBuffer>, 4> bufferHandles; | 154 Vector<v8::Local<v8::ArrayBuffer>, 4> bufferHandles; |
| 155 v8::HandleScope handleScope(isolate); | 155 v8::HandleScope handleScope(isolate); |
| 156 acculumateArrayBuffersForAllWorlds(isolate, static_pointer_cast<DOMA
rrayBuffer>(arrayBuffers[i]).get(), bufferHandles); | 156 acculumateArrayBuffersForAllWorlds(isolate, static_pointer_cast<DOMA
rrayBuffer>(arrayBuffers[i]).get(), bufferHandles); |
| 157 bool isNeuterable = true; | 157 bool isNeuterable = true; |
| 158 for (size_t j = 0; j < bufferHandles.size(); j++) | 158 for (size_t j = 0; j < bufferHandles.size(); j++) |
| 159 isNeuterable &= bufferHandles[j]->IsNeuterable(); | 159 isNeuterable &= bufferHandles[j]->IsNeuterable(); |
| 160 RefPtr<DOMArrayBufferBase> toTransfer = arrayBuffers[i]; | 160 RefPtr<DOMArrayBufferBase> toTransfer = arrayBuffers[i]; |
| 161 if (!isNeuterable) | 161 if (!isNeuterable) |
| 162 toTransfer = DOMArrayBuffer::create(arrayBuffers[i]->buffer()); | 162 toTransfer = DOMArrayBuffer::createOrNull(arrayBuffers[i]->buffe
r()); |
| 163 bool result = toTransfer->transfer(contents->at(i)); | 163 bool result = toTransfer ? toTransfer->transfer(contents->at(i)) : f
alse; |
| 164 if (!result) { | 164 if (!result) { |
| 165 exceptionState.throwDOMException(DataCloneError, "ArrayBuffer at
index " + String::number(i) + " could not be transferred."); | 165 exceptionState.throwDOMException(DataCloneError, "ArrayBuffer at
index " + String::number(i) + " could not be transferred."); |
| 166 return nullptr; | 166 return nullptr; |
| 167 } | 167 } |
| 168 | 168 |
| 169 if (isNeuterable) | 169 if (isNeuterable) |
| 170 for (size_t j = 0; j < bufferHandles.size(); j++) | 170 for (size_t j = 0; j < bufferHandles.size(); j++) |
| 171 bufferHandles[j]->Neuter(); | 171 bufferHandles[j]->Neuter(); |
| 172 } | 172 } |
| 173 } | 173 } |
| (...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 288 { | 288 { |
| 289 m_arrayBufferContentsArray = createArrayBuffers(isolate, arrayBuffers, excep
tionState); | 289 m_arrayBufferContentsArray = createArrayBuffers(isolate, arrayBuffers, excep
tionState); |
| 290 } | 290 } |
| 291 | 291 |
| 292 void SerializedScriptValue::transferImageBitmaps(v8::Isolate* isolate, ImageBitm
apArray& imageBitmaps, ExceptionState& exceptionState) | 292 void SerializedScriptValue::transferImageBitmaps(v8::Isolate* isolate, ImageBitm
apArray& imageBitmaps, ExceptionState& exceptionState) |
| 293 { | 293 { |
| 294 m_imageBitmapsArray = createImageBitmaps(isolate, imageBitmaps, exceptionSta
te); | 294 m_imageBitmapsArray = createImageBitmaps(isolate, imageBitmaps, exceptionSta
te); |
| 295 } | 295 } |
| 296 | 296 |
| 297 } // namespace blink | 297 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1414553002:
Fix out-of-memory crashes related to ArrayBuffer allocation
Base URL: https://chromium.googlesource.com/chromium/src.git@master