Chromium Code Reviews Chromium Code Reviews
Issue 1414553002:
Fix out-of-memory crashes related to ArrayBuffer allocation
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "config.h" | 5 #include "config.h" |
| 6 #include "modules/webgl/WebGL2RenderingContextBase.h" | 6 #include "modules/webgl/WebGL2RenderingContextBase.h" |
| 7 | 7 |
| 8 #include "bindings/modules/v8/WebGLAny.h" | 8 #include "bindings/modules/v8/WebGLAny.h" |
| 9 #include "core/html/HTMLCanvasElement.h" | 9 #include "core/html/HTMLCanvasElement.h" |
| 10 #include "core/html/HTMLImageElement.h" | 10 #include "core/html/HTMLImageElement.h" |
| (...skipping 268 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 279 case GL_RG16I: | 279 case GL_RG16I: |
| 280 case GL_RG32UI: | 280 case GL_RG32UI: |
| 281 case GL_RG32I: | 281 case GL_RG32I: |
| 282 case GL_RGBA8UI: | 282 case GL_RGBA8UI: |
| 283 case GL_RGBA8I: | 283 case GL_RGBA8I: |
| 284 case GL_RGB10_A2UI: | 284 case GL_RGB10_A2UI: |
| 285 case GL_RGBA16UI: | 285 case GL_RGBA16UI: |
| 286 case GL_RGBA16I: | 286 case GL_RGBA16I: |
| 287 case GL_RGBA32UI: | 287 case GL_RGBA32UI: |
| 288 case GL_RGBA32I: | 288 case GL_RGBA32I: |
| 289 return WebGLAny(scriptState, DOMInt32Array::create(0)); | 289 return WebGLAny(scriptState, DOMInt32Array::deprecatedCreateOrCrash(null ptr, 0)); |
| 290 case GL_R8: | 290 case GL_R8: |
| 291 case GL_RG8: | 291 case GL_RG8: |
| 292 case GL_RGB8: | 292 case GL_RGB8: |
| 293 case GL_RGB565: | 293 case GL_RGB565: |
| 294 case GL_RGBA8: | 294 case GL_RGBA8: |
| 295 case GL_SRGB8_ALPHA8: | 295 case GL_SRGB8_ALPHA8: |
| 296 case GL_RGB5_A1: | 296 case GL_RGB5_A1: |
| 297 case GL_RGBA4: | 297 case GL_RGBA4: |
| 298 case GL_RGB10_A2: | 298 case GL_RGB10_A2: |
| 299 case GL_DEPTH_COMPONENT16: | 299 case GL_DEPTH_COMPONENT16: |
| 300 case GL_DEPTH_COMPONENT24: | 300 case GL_DEPTH_COMPONENT24: |
| 301 case GL_DEPTH_COMPONENT32F: | 301 case GL_DEPTH_COMPONENT32F: |
| 302 case GL_DEPTH24_STENCIL8: | 302 case GL_DEPTH24_STENCIL8: |
| 303 case GL_DEPTH32F_STENCIL8: | 303 case GL_DEPTH32F_STENCIL8: |
| 304 case GL_STENCIL_INDEX8: | 304 case GL_STENCIL_INDEX8: |
| 305 break; | 305 break; |
| 306 default: | 306 default: |
| 307 synthesizeGLError(GL_INVALID_ENUM, "getInternalformatParameter", "invali d internalformat"); | 307 synthesizeGLError(GL_INVALID_ENUM, "getInternalformatParameter", "invali d internalformat"); |
| 308 return ScriptValue::createNull(scriptState); | 308 return ScriptValue::createNull(scriptState); |
| 309 } | 309 } |
| 310 | 310 |
| 311 switch (pname) { | 311 switch (pname) { |
| 312 case GL_SAMPLES: | 312 case GL_SAMPLES: |
| 313 { | 313 { |
| 314 GLint length = -1; | 314 GLint length = -1; |
| 315 webContext()->getInternalformativ(target, internalformat, GL_NUM_SAM PLE_COUNTS, 1, &length); | 315 webContext()->getInternalformativ(target, internalformat, GL_NUM_SAM PLE_COUNTS, 1, &length); |
| 316 if (length <= 0) | 316 if (length <= 0) |
| 317 return WebGLAny(scriptState, DOMInt32Array::create(0)); | 317 return WebGLAny(scriptState, DOMInt32Array::deprecatedCreateOrCr ash(nullptr, 0)); |
| 318 | 318 |
| 319 OwnPtr<GLint[]> values = adoptArrayPtr(new GLint[length]); | 319 OwnPtr<GLint[]> values = adoptArrayPtr(new GLint[length]); |
| 320 for (GLint ii = 0; ii < length; ++ii) | 320 for (GLint ii = 0; ii < length; ++ii) |
| 321 values[ii] = 0; | 321 values[ii] = 0; |
| 322 webContext()->getInternalformativ(target, internalformat, GL_SAMPLES , length, values.get()); | 322 webContext()->getInternalformativ(target, internalformat, GL_SAMPLES , length, values.get()); |
| 323 return WebGLAny(scriptState, DOMInt32Array::create(values.get(), len gth)); | 323 RefPtr<DOMInt32Array> valueArray = DOMInt32Array::deprecatedCreateOr Crash(values.get(), length); |
| 324 return WebGLAny(scriptState, valueArray.release()); | |
| 324 } | 325 } |
| 325 default: | 326 default: |
| 326 synthesizeGLError(GL_INVALID_ENUM, "getInternalformatParameter", "invali d parameter name"); | 327 synthesizeGLError(GL_INVALID_ENUM, "getInternalformatParameter", "invali d parameter name"); |
| 327 return ScriptValue::createNull(scriptState); | 328 return ScriptValue::createNull(scriptState); |
| 328 } | 329 } |
| 329 } | 330 } |
| 330 | 331 |
| 331 void WebGL2RenderingContextBase::invalidateFramebuffer(GLenum target, Vector<GLe num>& attachments) | 332 void WebGL2RenderingContextBase::invalidateFramebuffer(GLenum target, Vector<GLe num>& attachments) |
| 332 { | 333 { |
| 333 if (isContextLost()) | 334 if (isContextLost()) |
| (...skipping 1741 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2075 webContext()->getActiveUniformBlockiv(objectOrZero(program), uniform BlockIndex, pname, &intValue); | 2076 webContext()->getActiveUniformBlockiv(objectOrZero(program), uniform BlockIndex, pname, &intValue); |
| 2076 return WebGLAny(scriptState, static_cast<unsigned>(intValue)); | 2077 return WebGLAny(scriptState, static_cast<unsigned>(intValue)); |
| 2077 } | 2078 } |
| 2078 case GL_UNIFORM_BLOCK_ACTIVE_UNIFORM_INDICES: | 2079 case GL_UNIFORM_BLOCK_ACTIVE_UNIFORM_INDICES: |
| 2079 { | 2080 { |
| 2080 GLint uniformCount = 0; | 2081 GLint uniformCount = 0; |
| 2081 webContext()->getActiveUniformBlockiv(objectOrZero(program), uniform BlockIndex, GL_UNIFORM_BLOCK_ACTIVE_UNIFORMS, &uniformCount); | 2082 webContext()->getActiveUniformBlockiv(objectOrZero(program), uniform BlockIndex, GL_UNIFORM_BLOCK_ACTIVE_UNIFORMS, &uniformCount); |
| 2082 | 2083 |
| 2083 Vector<GLint> indices(uniformCount); | 2084 Vector<GLint> indices(uniformCount); |
| 2084 webContext()->getActiveUniformBlockiv(objectOrZero(program), uniform BlockIndex, pname, indices.data()); | 2085 webContext()->getActiveUniformBlockiv(objectOrZero(program), uniform BlockIndex, pname, indices.data()); |
| 2085 return WebGLAny(scriptState, DOMUint32Array::create(reinterpret_cast <GLuint*>(indices.data()), indices.size())); | 2086 // FIXME: Should we consider throwing a RangeError exception instead of crashing when array alloc fails. |
|
haraken
2015/10/29 18:58:37
allocation
Justin Novosad
2015/11/05 00:17:52
Done.
| |
| 2087 return WebGLAny(scriptState, DOMUint32Array::deprecatedCreateOrCrash (reinterpret_cast<GLuint*>(indices.data()), indices.size())); | |
| 2086 } | 2088 } |
| 2087 case GL_UNIFORM_BLOCK_REFERENCED_BY_VERTEX_SHADER: | 2089 case GL_UNIFORM_BLOCK_REFERENCED_BY_VERTEX_SHADER: |
| 2088 case GL_UNIFORM_BLOCK_REFERENCED_BY_FRAGMENT_SHADER: | 2090 case GL_UNIFORM_BLOCK_REFERENCED_BY_FRAGMENT_SHADER: |
| 2089 { | 2091 { |
| 2090 GLint boolValue = 0; | 2092 GLint boolValue = 0; |
| 2091 webContext()->getActiveUniformBlockiv(objectOrZero(program), uniform BlockIndex, pname, &boolValue); | 2093 webContext()->getActiveUniformBlockiv(objectOrZero(program), uniform BlockIndex, pname, &boolValue); |
| 2092 return WebGLAny(scriptState, static_cast<bool>(boolValue)); | 2094 return WebGLAny(scriptState, static_cast<bool>(boolValue)); |
| 2093 } | 2095 } |
| 2094 default: | 2096 default: |
| 2095 synthesizeGLError(GL_INVALID_ENUM, "getActiveUniformBlockParameter", "in valid parameter name"); | 2097 synthesizeGLError(GL_INVALID_ENUM, "getActiveUniformBlockParameter", "in valid parameter name"); |
| (...skipping 928 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3024 GLenum WebGL2RenderingContextBase::boundFramebufferColorFormat() | 3026 GLenum WebGL2RenderingContextBase::boundFramebufferColorFormat() |
| 3025 { | 3027 { |
| 3026 if (m_readFramebufferBinding && m_readFramebufferBinding->object()) | 3028 if (m_readFramebufferBinding && m_readFramebufferBinding->object()) |
| 3027 return m_readFramebufferBinding->colorBufferFormat(); | 3029 return m_readFramebufferBinding->colorBufferFormat(); |
| 3028 if (m_requestedAttributes.alpha()) | 3030 if (m_requestedAttributes.alpha()) |
| 3029 return GL_RGBA; | 3031 return GL_RGBA; |
| 3030 return GL_RGB; | 3032 return GL_RGB; |
| 3031 } | 3033 } |
| 3032 | 3034 |
| 3033 } // namespace blink | 3035 } // namespace blink |
| OLD | NEW |
