| Index: Source/bindings/v8/SerializedScriptValue.cpp
|
| diff --git a/Source/bindings/v8/SerializedScriptValue.cpp b/Source/bindings/v8/SerializedScriptValue.cpp
|
| index 984d5e7388c81401ba571f73baad30d1c1c07b9e..baf8bd6fa4a92bebb9fcb7e8c04b297699e1c309 100644
|
| --- a/Source/bindings/v8/SerializedScriptValue.cpp
|
| +++ b/Source/bindings/v8/SerializedScriptValue.cpp
|
| @@ -739,7 +739,15 @@ public:
|
| }
|
|
|
| // Functions used by serialization states.
|
| - StateBase* doSerialize(v8::Handle<v8::Value> value, StateBase* next);
|
| + StateBase* doSerialize(v8::Handle<v8::Value>, StateBase* next);
|
| +
|
| + // The serializer workhorse, no stack depth check.
|
| + StateBase* doSerializeImpl(v8::Handle<v8::Value>, StateBase* next);
|
| +
|
| + StateBase* doSerializeArrayBuffer(v8::Handle<v8::Value> arrayBuffer, StateBase* next)
|
| + {
|
| + return doSerializeImpl(arrayBuffer, next);
|
| + }
|
|
|
| StateBase* checkException(StateBase* state)
|
| {
|
| @@ -1139,16 +1147,18 @@ private:
|
| v8::Handle<v8::Value> underlyingBuffer = toV8(arrayBufferView->buffer(), v8::Handle<v8::Object>(), m_writer.getIsolate());
|
| if (underlyingBuffer.IsEmpty())
|
| return handleError(DataCloneError, next);
|
| - StateBase* stateOut = doSerialize(underlyingBuffer, 0);
|
| + StateBase* stateOut = doSerializeArrayBuffer(underlyingBuffer, next);
|
| if (stateOut)
|
| - return handleError(DataCloneError, next);
|
| + return stateOut;
|
| m_writer.writeArrayBufferView(*arrayBufferView);
|
| // This should be safe: we serialize something that we know to be a wrapper (see
|
| - // the toV8 call above), so the call to doSerialize above should neither cause
|
| - // the stack to overflow nor should it have the potential to reach this
|
| - // ArrayBufferView again. We do need to grey the underlying buffer before we grey
|
| - // its view, however; ArrayBuffers may be shared, so they need to be given reference IDs,
|
| - // and an ArrayBufferView cannot be constructed without a corresponding ArrayBuffer
|
| + // the toV8 call above), so the call to doSerializeArrayBuffer should neither
|
| + // cause the system stack to overflow nor should it have potential to reach
|
| + // this ArrayBufferView again.
|
| + //
|
| + // We do need to grey the underlying buffer before we grey its view, however;
|
| + // ArrayBuffers may be shared, so they need to be given reference IDs, and an
|
| + // ArrayBufferView cannot be constructed without a corresponding ArrayBuffer
|
| // (or without an additional tag that would allow us to do two-stage construction
|
| // like we do for Objects and Arrays).
|
| greyObject(object);
|
| @@ -1233,12 +1243,8 @@ private:
|
| v8::Isolate* m_isolate;
|
| };
|
|
|
| -Serializer::StateBase* Serializer::doSerialize(v8::Handle<v8::Value> value, StateBase* next)
|
| +Serializer::StateBase* Serializer::doSerializeImpl(v8::Handle<v8::Value> value, StateBase* next)
|
| {
|
| - if (m_execDepth + (next ? next->execDepth() : 0) > 1) {
|
| - m_writer.writeNull();
|
| - return 0;
|
| - }
|
| m_writer.writeReferenceCount(m_nextObjectReference);
|
| uint32_t objectReference;
|
| uint32_t arrayBufferIndex;
|
| @@ -1316,6 +1322,15 @@ Serializer::StateBase* Serializer::doSerialize(v8::Handle<v8::Value> value, Stat
|
| return 0;
|
| }
|
|
|
| +Serializer::StateBase* Serializer::doSerialize(v8::Handle<v8::Value> value, StateBase* next)
|
| +{
|
| + if (m_execDepth + (next ? next->execDepth() : 0) > 1) {
|
| + m_writer.writeNull();
|
| + return 0;
|
| + }
|
| + return doSerializeImpl(value, next);
|
| +}
|
| +
|
| // Interface used by Reader to create objects of composite types.
|
| class CompositeCreator {
|
| public:
|
|
|
Chromium Code Reviews
Issue 56973002:
Fix memory leak on serializing neutered ArrayBuffer. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master