Fix out-of-memory crashes related to ArrayBuffer allocation

third_party/WebKit/Source/modules/fetch/BodyStreamBuffer.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "config.h"
 #include "modules/fetch/BodyStreamBuffer.h"
 
 #include "core/dom/DOMArrayBuffer.h"
 #include "core/dom/DOMTypedArray.h"
 #include "core/dom/ExceptionCode.h"
@@ skipping 195 matching lines @@
 
 void BodyStreamBuffer::processData()
 {
     ASSERT(m_reader);
     while (m_streamNeedsMore) {
         const void* buffer;
         size_t available;
         WebDataConsumerHandle::Result result = m_reader->beginRead(&buffer, WebDataConsumerHandle::FlagNone, &available);
         switch (result) {
         case WebDataConsumerHandle::Ok:
-            m_streamNeedsMore = m_stream->enqueue(DOMUint8Array::create(static_cast<const unsigned char*>(buffer), available));
-            m_reader->endRead(available);
-            break;
+            {
+                // TODO(junov): crbug.com/536816
+                // Use createOrNull instead of deprecatedCreateOrCrash in order to
+                // fail gracefully when allocation fails. It would probably be
+                // appropriate to do something like this to handle the failure:
+                //
+                // if (!domArray) {
+                //    m_reader = nullptr;
+                //    m_stream->error(DOMException::create(V8RangeError, "Out of Memory."));
+                //    m_handle.clear();
+                // }
+                //
+                // The spec would need to be amended to support that behavior.
+                // Alternately, we could just proceed with domArray being null if it
+                // is ascertained that silently droping data is acceptable when the

[haraken, 2015/10/29 18:58:37]

dropping

[Justin Novosad, 2015/11/05 00:17:52]

Done.

+                // alternative is to crash with an out-of-memory exception.
+                RefPtr<DOMUint8Array> domArray = DOMUint8Array::deprecatedCreateOrCrash(static_cast<const unsigned char*>(buffer), available);
+                m_streamNeedsMore = m_stream->enqueue(domArray);
+                m_reader->endRead(available);
+            }
+            return;
 
         case WebDataConsumerHandle::Done:
             close();
             return;
 
         case WebDataConsumerHandle::ShouldWait:
             return;
 
         case WebDataConsumerHandle::Busy:
         case WebDataConsumerHandle::ResourceExhausted:
@@ skipping 21 matching lines @@
     unlock();
     if (mode == EndLoadingDone) {
         close();
     } else {
         ASSERT(mode == EndLoadingErrored);
         error();
     }
 }
 
 } // namespace blink