Chromium Code Reviews
Unified Diff: content/renderer/dom_storage/dom_storage_dispatcher.cc

Issue 2843303002: DOMStorage: Better defend against a tight loop maliciously using the API. (Closed)
Patch Set: 1000000 limit Created 3 years, 8 months ago
Index: content/renderer/dom_storage/dom_storage_dispatcher.cc
diff --git a/content/renderer/dom_storage/dom_storage_dispatcher.cc b/content/renderer/dom_storage/dom_storage_dispatcher.cc
index b693f93988178ddb749f113e356c989aac58550f..b52367adf298a8d20021ffff42aec4c5b810a1ae 100644
--- a/content/renderer/dom_storage/dom_storage_dispatcher.cc
+++ b/content/renderer/dom_storage/dom_storage_dispatcher.cc
@@ -139,9 +139,17 @@ class DomStorageDispatcher::ProxyImpl : public DOMStorageProxy {
~ProxyImpl() override {}
- // Sudden termination is disabled when there are callbacks pending
- // to more reliably commit changes during shutdown.
void PushPendingCallback(const CompletionCallback& callback) {
+ // Terminate the renderer if an excessive number of calls are made,
+ // This is indicative of script in an infinite loop or being malicious.
+ // It's better to crash intentionally than by running the system OOM
+ // and interfering with everything else running in the system.
+ const int kMaxPendingCompletionCallbacks = 1000000;
+ if (pending_callbacks_.size() > kMaxPendingCompletionCallbacks)
+ CHECK(false) << "Too many pending DOMStorage calls.";
+
+ // Sudden termination is disabled when there are callbacks pending
+ // to more reliably commit changes during shutdown.
if (pending_callbacks_.empty())
blink::Platform::Current()->SuddenTerminationChanged(false);
pending_callbacks_.push_back(callback);
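Review bot: The new comparison on `if (pending_callbacks_.size() > kMaxPendingCompletionCallbacks)` pits a `size_t` against an `int`, which will trip signed/unsigned comparison warnings on builds that enable them; declare the limit as `constexpr size_t kMaxPendingCompletionCallbacks = 1000000;`, and consider hoisting it out of the function body so it can be referenced from a test. The `if` plus `CHECK(false) << "Too many pending DOMStorage calls."` could be collapsed into `CHECK_LE(pending_callbacks_.size(), kMaxPendingCompletionCallbacks) << "Too many pending DOMStorage calls.";`, which also records the actual count in the crash report; note that with `>` the deque is allowed to reach one entry past the limit before the check fires, so `CHECK_LT` matches the intent of "limit" more precisely. Nit: the comment "if an excessive number of calls are made," should end in a period, not a comma, since "This is indicative ..." starts a new sentence. The `CHECK` sits before `SuddenTerminationChanged(false)`, so a renderer that dies here never re-enables sudden termination, which is the intended outcome for a process being killed, but it is worth saying so in the comment.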