Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(155)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/modules/websockets/DOMWebSocket.cpp

Issue 1414553002: Fix out-of-memory crashes related to ArrayBuffer allocation Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase and applied senorblanco+haraken feedbac Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.cpp ('K') | « third_party/WebKit/Source/modules/webmidi/MIDIOutput.cpp ('k') | third_party/WebKit/Source/modules/websockets/DOMWebSocketTest.cpp » ('j') | third_party/WebKit/Source/modules/websockets/DOMWebSocketTest.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011 Google Inc. All rights reserved. 2 * Copyright (C) 2011 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 413 matching lines...) Expand 10 before | Expand all | Expand 10 after
424 setInvalidStateErrorForSendMethod(exceptionState); 424 setInvalidStateErrorForSendMethod(exceptionState);
425 return; 425 return;
426 } 426 }
427 if (m_state == CLOSING || m_state == CLOSED) { 427 if (m_state == CLOSING || m_state == CLOSED) {
428 updateBufferedAmountAfterClose(arrayBufferView->byteLength()); 428 updateBufferedAmountAfterClose(arrayBufferView->byteLength());
429 return; 429 return;
430 } 430 }
431 Platform::current()->histogramEnumeration("WebCore.WebSocket.SendType", WebS ocketSendTypeArrayBufferView, WebSocketSendTypeMax); 431 Platform::current()->histogramEnumeration("WebCore.WebSocket.SendType", WebS ocketSendTypeArrayBufferView, WebSocketSendTypeMax);
432 ASSERT(m_channel); 432 ASSERT(m_channel);
433 m_bufferedAmount += arrayBufferView->byteLength(); 433 m_bufferedAmount += arrayBufferView->byteLength();
434 m_channel->send(*arrayBufferView->buffer(), arrayBufferView->byteOffset(), a rrayBufferView->byteLength()); 434 RefPtr<DOMArrayBuffer> buffer = arrayBufferView->bufferOrNull();
435 RELEASE_ASSERT(buffer); // crbug.com/536816
436 m_channel->send(*buffer, arrayBufferView->byteOffset(), arrayBufferView->byt eLength());
435 } 437 }
436 438
437 void DOMWebSocket::send(Blob* binaryData, ExceptionState& exceptionState) 439 void DOMWebSocket::send(Blob* binaryData, ExceptionState& exceptionState)
438 { 440 {
439 WTF_LOG(Network, "WebSocket %p send() Sending Blob '%s'", this, binaryData-> uuid().utf8().data()); 441 WTF_LOG(Network, "WebSocket %p send() Sending Blob '%s'", this, binaryData-> uuid().utf8().data());
440 ASSERT(binaryData); 442 ASSERT(binaryData);
441 if (m_state == CONNECTING) { 443 if (m_state == CONNECTING) {
442 setInvalidStateErrorForSendMethod(exceptionState); 444 setInvalidStateErrorForSendMethod(exceptionState);
443 return; 445 return;
444 } 446 }
(...skipping 186 matching lines...) Expand 10 before | Expand all | Expand 10 after
631 binaryData->swap(*rawData->mutableData()); 633 binaryData->swap(*rawData->mutableData());
632 OwnPtr<BlobData> blobData = BlobData::create(); 634 OwnPtr<BlobData> blobData = BlobData::create();
633 blobData->appendData(rawData.release(), 0, BlobDataItem::toEndOfFile); 635 blobData->appendData(rawData.release(), 0, BlobDataItem::toEndOfFile);
634 Blob* blob = Blob::create(BlobDataHandle::create(blobData.release(), siz e)); 636 Blob* blob = Blob::create(BlobDataHandle::create(blobData.release(), siz e));
635 Platform::current()->histogramEnumeration("WebCore.WebSocket.ReceiveType ", WebSocketReceiveTypeBlob, WebSocketReceiveTypeMax); 637 Platform::current()->histogramEnumeration("WebCore.WebSocket.ReceiveType ", WebSocketReceiveTypeBlob, WebSocketReceiveTypeMax);
636 m_eventQueue->dispatch(MessageEvent::create(blob, SecurityOrigin::create (m_url)->toString())); 638 m_eventQueue->dispatch(MessageEvent::create(blob, SecurityOrigin::create (m_url)->toString()));
637 break; 639 break;
638 } 640 }
639 641
640 case BinaryTypeArrayBuffer: 642 case BinaryTypeArrayBuffer:
641 RefPtr<DOMArrayBuffer> arrayBuffer = DOMArrayBuffer::create(binaryData-> data(), binaryData->size()); 643 // TODO(junov): crbug.com/536816
644 // Avoid crashing when out of memory by using createOrNull(). Requires
645 // determining appropriate alternate behavior for dealing with allocatio n
646 // failures. Should the event be droped? Should we dispatch an event
haraken 2015/10/29 18:58:37 dropped
Justin Novosad 2015/11/05 00:17:52 Done.
647 // with null data? Should we dispatch some kind of failure code?
648 RefPtr<DOMArrayBuffer> arrayBuffer = DOMArrayBuffer::deprecatedCreateOrC rash(binaryData->data(), binaryData->size());
642 Platform::current()->histogramEnumeration("WebCore.WebSocket.ReceiveType ", WebSocketReceiveTypeArrayBuffer, WebSocketReceiveTypeMax); 649 Platform::current()->histogramEnumeration("WebCore.WebSocket.ReceiveType ", WebSocketReceiveTypeArrayBuffer, WebSocketReceiveTypeMax);
643 m_eventQueue->dispatch(MessageEvent::create(arrayBuffer.release(), Secur ityOrigin::create(m_url)->toString())); 650 m_eventQueue->dispatch(MessageEvent::create(arrayBuffer.release(), Secur ityOrigin::create(m_url)->toString()));
644 break; 651 break;
645 } 652 }
646 } 653 }
647 654
648 void DOMWebSocket::didError() 655 void DOMWebSocket::didError()
649 { 656 {
650 WTF_LOG(Network, "WebSocket %p didError()", this); 657 WTF_LOG(Network, "WebSocket %p didError()", this);
651 m_state = CLOSED; 658 m_state = CLOSED;
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after
687 DEFINE_TRACE(DOMWebSocket) 694 DEFINE_TRACE(DOMWebSocket)
688 { 695 {
689 visitor->trace(m_channel); 696 visitor->trace(m_channel);
690 visitor->trace(m_eventQueue); 697 visitor->trace(m_eventQueue);
691 WebSocketChannelClient::trace(visitor); 698 WebSocketChannelClient::trace(visitor);
692 RefCountedGarbageCollectedEventTargetWithInlineData<DOMWebSocket>::trace(vis itor); 699 RefCountedGarbageCollectedEventTargetWithInlineData<DOMWebSocket>::trace(vis itor);
693 ActiveDOMObject::trace(visitor); 700 ActiveDOMObject::trace(visitor);
694 } 701 }
695 702
696 } // namespace blink 703 } // namespace blink
OLDNEW
« third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.cpp ('K') | « third_party/WebKit/Source/modules/webmidi/MIDIOutput.cpp ('k') | third_party/WebKit/Source/modules/websockets/DOMWebSocketTest.cpp » ('j') | third_party/WebKit/Source/modules/websockets/DOMWebSocketTest.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698