Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(6)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/WebCore/bindings/v8/custom/V8WebGLRenderingContextCustom.cpp

Issue 7585017: Merge 92413 (Closed) Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/835/
Patch Set: Created 9 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/WebCore/bindings/js/JSWebGLRenderingContextCustom.cpp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2009 Google Inc. All rights reserved. 2 * Copyright (C) 2009 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
57 #include "V8Uint8Array.h" 57 #include "V8Uint8Array.h"
58 #include "V8WebGLBuffer.h" 58 #include "V8WebGLBuffer.h"
59 #include "V8WebGLFramebuffer.h" 59 #include "V8WebGLFramebuffer.h"
60 #include "V8WebGLProgram.h" 60 #include "V8WebGLProgram.h"
61 #include "V8WebGLRenderbuffer.h" 61 #include "V8WebGLRenderbuffer.h"
62 #include "V8WebGLShader.h" 62 #include "V8WebGLShader.h"
63 #include "V8WebGLTexture.h" 63 #include "V8WebGLTexture.h"
64 #include "V8WebGLUniformLocation.h" 64 #include "V8WebGLUniformLocation.h"
65 #include "V8WebGLVertexArrayObjectOES.h" 65 #include "V8WebGLVertexArrayObjectOES.h"
66 #include "WebGLRenderingContext.h" 66 #include "WebGLRenderingContext.h"
67 #include <limits>
67 #include <wtf/FastMalloc.h> 68 #include <wtf/FastMalloc.h>
68 69
69 namespace WebCore { 70 namespace WebCore {
70 71
71 // Allocates new storage via tryFastMalloc. 72 // Allocates new storage via tryFastMalloc.
72 // Returns NULL if array failed to convert for any reason. 73 // Returns NULL if array failed to convert for any reason.
73 static float* jsArrayToFloatArray(v8::Handle<v8::Array> array, uint32_t len) 74 static float* jsArrayToFloatArray(v8::Handle<v8::Array> array, uint32_t len)
74 { 75 {
75 // Convert the data element-by-element. 76 // Convert the data element-by-element.
76 float* data; 77 float* data;
77 if (!tryFastMalloc(len * sizeof(float)).getValue(data)) 78 if (len > std::numeric_limits<uint32_t>::max() / sizeof(float)
79 || !tryFastMalloc(len * sizeof(float)).getValue(data))
78 return 0; 80 return 0;
79 for (uint32_t i = 0; i < len; i++) { 81 for (uint32_t i = 0; i < len; i++) {
80 v8::Local<v8::Value> val = array->Get(i); 82 v8::Local<v8::Value> val = array->Get(i);
81 if (!val->IsNumber()) { 83 if (!val->IsNumber()) {
82 fastFree(data); 84 fastFree(data);
83 return 0; 85 return 0;
84 } 86 }
85 data[i] = toFloat(val); 87 data[i] = toFloat(val);
86 } 88 }
87 return data; 89 return data;
88 } 90 }
89 91
90 // Allocates new storage via tryFastMalloc. 92 // Allocates new storage via tryFastMalloc.
91 // Returns NULL if array failed to convert for any reason. 93 // Returns NULL if array failed to convert for any reason.
92 static int* jsArrayToIntArray(v8::Handle<v8::Array> array, uint32_t len) 94 static int* jsArrayToIntArray(v8::Handle<v8::Array> array, uint32_t len)
93 { 95 {
94 // Convert the data element-by-element. 96 // Convert the data element-by-element.
95 int* data; 97 int* data;
96 if (!tryFastMalloc(len * sizeof(int)).getValue(data)) 98 if (len > std::numeric_limits<uint32_t>::max() / sizeof(int)
99 || !tryFastMalloc(len * sizeof(int)).getValue(data))
97 return 0; 100 return 0;
98 for (uint32_t i = 0; i < len; i++) { 101 for (uint32_t i = 0; i < len; i++) {
99 v8::Local<v8::Value> val = array->Get(i); 102 v8::Local<v8::Value> val = array->Get(i);
100 bool ok; 103 bool ok;
101 int ival = toInt32(val, ok); 104 int ival = toInt32(val, ok);
102 if (!ok) { 105 if (!ok) {
103 fastFree(data); 106 fastFree(data);
104 return 0; 107 return 0;
105 } 108 }
106 data[i] = ival; 109 data[i] = ival;
(...skipping 672 matching lines...) Expand 10 before | Expand all | Expand 10 after
779 782
780 v8::Handle<v8::Value> V8WebGLRenderingContext::vertexAttrib4fvCallback(const v8: :Arguments& args) 783 v8::Handle<v8::Value> V8WebGLRenderingContext::vertexAttrib4fvCallback(const v8: :Arguments& args)
781 { 784 {
782 INC_STATS("DOM.WebGLRenderingContext.vertexAttrib4fv()"); 785 INC_STATS("DOM.WebGLRenderingContext.vertexAttrib4fv()");
783 return vertexAttribAndUniformHelperf(args, kVertexAttrib4v); 786 return vertexAttribAndUniformHelperf(args, kVertexAttrib4v);
784 } 787 }
785 788
786 } // namespace WebCore 789 } // namespace WebCore
787 790
788 #endif // ENABLE(WEBGL) 791 #endif // ENABLE(WEBGL)
OLDNEW
« no previous file with comments | « Source/WebCore/bindings/js/JSWebGLRenderingContextCustom.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698