| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved. |
| 3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org> | 3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org> |
| 4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org> | 4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org> |
| 5 * Copyright (C) 2008, 2011 Google Inc. All rights reserved. | 5 * Copyright (C) 2008, 2011 Google Inc. All rights reserved. |
| 6 * Copyright (C) 2012 Intel Corporation | 6 * Copyright (C) 2012 Intel Corporation |
| 7 * | 7 * |
| 8 * This library is free software; you can redistribute it and/or | 8 * This library is free software; you can redistribute it and/or |
| 9 * modify it under the terms of the GNU Lesser General Public | 9 * modify it under the terms of the GNU Lesser General Public |
| 10 * License as published by the Free Software Foundation; either | 10 * License as published by the Free Software Foundation; either |
| (...skipping 346 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 357 | 357 |
| 358 DOMArrayBuffer* XMLHttpRequest::responseArrayBuffer() | 358 DOMArrayBuffer* XMLHttpRequest::responseArrayBuffer() |
| 359 { | 359 { |
| 360 ASSERT(m_responseTypeCode == ResponseTypeArrayBuffer); | 360 ASSERT(m_responseTypeCode == ResponseTypeArrayBuffer); |
| 361 | 361 |
| 362 if (m_error || m_state != DONE) | 362 if (m_error || m_state != DONE) |
| 363 return nullptr; | 363 return nullptr; |
| 364 | 364 |
| 365 if (!m_responseArrayBuffer) { | 365 if (!m_responseArrayBuffer) { |
| 366 if (m_binaryResponseBuilder && m_binaryResponseBuilder->size()) { | 366 if (m_binaryResponseBuilder && m_binaryResponseBuilder->size()) { |
| 367 RefPtr<DOMArrayBuffer> buffer = DOMArrayBuffer::createUninitialized(
m_binaryResponseBuilder->size(), 1); | 367 RefPtr<DOMArrayBuffer> buffer = DOMArrayBuffer::createUninitializedO
rNull(m_binaryResponseBuilder->size(), 1); |
| 368 if (!m_binaryResponseBuilder->getAsBytes(buffer->data(), buffer->byt
eLength())) { | 368 if (!buffer || !m_binaryResponseBuilder->getAsBytes(buffer->data(),
buffer->byteLength())) { |
| 369 // m_binaryResponseBuilder failed to allocate an ArrayBuffer. | 369 // m_binaryResponseBuilder failed to allocate an ArrayBuffer. |
| 370 // We need to crash the renderer since there's no way defined in | 370 // We need to crash the renderer since there's no way defined in |
| 371 // the spec to tell this to the user. | 371 // the spec to tell this to the user. |
| 372 CRASH(); | 372 CRASH(); |
| 373 } | 373 } |
| 374 m_responseArrayBuffer = buffer.release(); | 374 m_responseArrayBuffer = buffer.release(); |
| 375 m_binaryResponseBuilder.clear(); | 375 m_binaryResponseBuilder.clear(); |
| 376 } else { | 376 } else { |
| 377 m_responseArrayBuffer = DOMArrayBuffer::create(nullptr, 0); | 377 m_responseArrayBuffer = DOMArrayBuffer::createOrNull(nullptr, 0); |
| 378 RELEASE_ASSERT(m_responseArrayBuffer); // size 0 -> should never fai
l internal buffer alloc |
| 378 } | 379 } |
| 379 } | 380 } |
| 380 | 381 |
| 381 return m_responseArrayBuffer.get(); | 382 return m_responseArrayBuffer.get(); |
| 382 } | 383 } |
| 383 | 384 |
| 384 Stream* XMLHttpRequest::responseLegacyStream() | 385 Stream* XMLHttpRequest::responseLegacyStream() |
| 385 { | 386 { |
| 386 ASSERT(m_responseTypeCode == ResponseTypeLegacyStream); | 387 ASSERT(m_responseTypeCode == ResponseTypeLegacyStream); |
| 387 | 388 |
| (...skipping 1326 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1714 visitor->trace(m_responseDocumentParser); | 1715 visitor->trace(m_responseDocumentParser); |
| 1715 visitor->trace(m_progressEventThrottle); | 1716 visitor->trace(m_progressEventThrottle); |
| 1716 visitor->trace(m_upload); | 1717 visitor->trace(m_upload); |
| 1717 visitor->trace(m_blobLoader); | 1718 visitor->trace(m_blobLoader); |
| 1718 XMLHttpRequestEventTarget::trace(visitor); | 1719 XMLHttpRequestEventTarget::trace(visitor); |
| 1719 DocumentParserClient::trace(visitor); | 1720 DocumentParserClient::trace(visitor); |
| 1720 ActiveDOMObject::trace(visitor); | 1721 ActiveDOMObject::trace(visitor); |
| 1721 } | 1722 } |
| 1722 | 1723 |
| 1723 } // namespace blink | 1724 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1414553002:
Fix out-of-memory crashes related to ArrayBuffer allocation
Base URL: https://chromium.googlesource.com/chromium/src.git@master