Fix out-of-memory crashes related to ArrayBuffer allocation

third_party/WebKit/Source/modules/crypto/CryptoResultImpl.cpp

Index: third_party/WebKit/Source/modules/crypto/CryptoResultImpl.cpp
diff --git a/third_party/WebKit/Source/modules/crypto/CryptoResultImpl.cpp b/third_party/WebKit/Source/modules/crypto/CryptoResultImpl.cpp
index 7efd0097e99174319967326f84ecda015b77219b..1d3198ebc0259a155dba21bb071ff45e157ba58e 100644
--- a/third_party/WebKit/Source/modules/crypto/CryptoResultImpl.cpp
+++ b/third_party/WebKit/Source/modules/crypto/CryptoResultImpl.cpp
@@ -181,7 +181,20 @@ void CryptoResultImpl::completeWithBuffer(const void* bytes, unsigned bytesSize)
     if (!m_resolver)
         return;
 
-    m_resolver->resolve(DOMArrayBuffer::create(bytes, bytesSize));
+    RefPtr<DOMArrayBuffer> buffer = DOMArrayBuffer::createOrNull(bytes, bytesSize);
+    if (!buffer) {
+        // The specs for all crypto methods that use this code state: "If the
+        // following steps or referenced procedures say to throw an error,
+        // reject promise with the returned error and then terminate the algorithm."
+        // In this case, the procedure of allocating an ArrayBuffer is not explicitly
+        // referenced in the algorithms laid out in the spec, but it is implied,
+        // and the ECMAScript spec says that failure to allocate the buffer should
+        // result in a RangeError being thrown.
+        // http://ecma-international.org/ecma-262/6.0/#sec-createbytedatablock
+        m_resolver->reject(DOMException::create(V8RangeError, "Out of memory. Could not allocate buffer."));
+    } else {
+        m_resolver->resolve(buffer);
+    }
     clearResolver();
 }