Unified Diff: third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp

Issue 1414553002: Fix out-of-memory crashes related to ArrayBuffer allocation Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase+more tweaks Created 5 years, 1 month ago
Index: third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp
diff --git a/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp b/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp
index bf7a84627628887273d01e632d55a206ebab16a7..60cdf99a9315f15f4a7b818086b5bf748f1ef142 100644
--- a/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp
+++ b/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp
@@ -365,8 +365,8 @@ DOMArrayBuffer* XMLHttpRequest::responseArrayBuffer()
if (!m_responseArrayBuffer) {
if (m_binaryResponseBuilder && m_binaryResponseBuilder->size()) {
- RefPtr<DOMArrayBuffer> buffer = DOMArrayBuffer::createUninitialized(m_binaryResponseBuilder->size(), 1);
- if (!m_binaryResponseBuilder->getAsBytes(buffer->data(), buffer->byteLength())) {
+ RefPtr<DOMArrayBuffer> buffer = DOMArrayBuffer::createUninitializedOrNull(m_binaryResponseBuilder->size(), 1);
+ if (!buffer || !m_binaryResponseBuilder->getAsBytes(buffer->data(), buffer->byteLength())) {
// m_binaryResponseBuilder failed to allocate an ArrayBuffer.
// We need to crash the renderer since there's no way defined in
// the spec to tell this to the user.
@@ -375,7 +375,8 @@ DOMArrayBuffer* XMLHttpRequest::responseArrayBuffer()
m_responseArrayBuffer = buffer.release();
m_binaryResponseBuilder.clear();
} else {
- m_responseArrayBuffer = DOMArrayBuffer::create(nullptr, 0);
+ m_responseArrayBuffer = DOMArrayBuffer::createOrNull(nullptr, 0);
+ RELEASE_ASSERT(m_responseArrayBuffer); // size 0 -> should never fail internal buffer alloc
}
}
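Review bot: The RELEASE_ASSERT added on the new line after `createOrNull(nullptr, 0)` turns an allocation failure in the empty-response path into a deliberate crash rather than letting a null `m_responseArrayBuffer` escape to callers of responseArrayBuffer(), which is the right failure policy, but the trailing comment does not say why a null is impossible here or what the crash means. I would spell it out on its own line above the assert: `// A zero-length buffer presumably allocates no backing store, so a null here is an internal error rather than OOM -- crash loudly instead of returning nullptr to script.` If the old `DOMArrayBuffer::create(nullptr, 0)` still crashes on failure itself, this assert only restates that behaviour explicitly; if `create` is being retired in favour of the `OrNull` variants, saying so in the comment would explain why the assert exists. The enclosing responseArrayBuffer() body starts before this hunk, and the first hunk's deliberate crash on the non-empty path is not fully visible here, so I cannot confirm the two branches fail the same way.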
