Use PartitionAlloc for JavaScript ArrayBuffers and strings.

BUG=pdfium:681

Change-Id: I5073d80d9bd623b73e578d5ba2226c39c371bab0
Reviewed-on: https://pdfium-review.googlesource.com/3097
Commit-Queue: Chris Palmer <palmer@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>

2 files changed, 13 insertions, 3 deletions

diff --git a/fxjs/fxjs_v8.cpp b/fxjs/fxjs_v8.cpp
index 5f9426b643..9c1c3e84f3 100644
--- a/fxjs/fxjs_v8.cpp
+++ b/fxjs/fxjs_v8.cpp
@@ -9,6 +9,7 @@
 #include <vector>
 
 #include "core/fxcrt/fx_basic.h"
+#include "third_party/base/allocator/partition_allocator/partition_alloc.h"
 
 // Keep this consistent with the values defined in gin/public/context_holder.h
 // (without actually requiring a dependency on gin itself for the standalone
@@ -144,15 +145,23 @@ static v8::Local<v8::ObjectTemplate> GetGlobalObjectTemplate(
 }
 
 void* FXJS_ArrayBufferAllocator::Allocate(size_t length) {
-  return length <= kMaxAllowedBytes ? calloc(1, length) : nullptr;
+  if (length > kMaxAllowedBytes)
+    return nullptr;
+  void* p = AllocateUninitialized(length);
+  if (p)
+    memset(p, 0, length);
+  return p;
 }
 
 void* FXJS_ArrayBufferAllocator::AllocateUninitialized(size_t length) {
-  return length < kMaxAllowedBytes ? malloc(length) : nullptr;
+  if (length > kMaxAllowedBytes)
+    return nullptr;
+  return pdfium::base::PartitionAllocGeneric(
+      gArrayBufferPartitionAllocator.root(), length, "FXJS_ArrayBuffer");
 }
 
 void FXJS_ArrayBufferAllocator::Free(void* data, size_t length) {
-  free(data);
+  pdfium::base::PartitionFree(data);
 }
 
 void V8TemplateMapTraits::Dispose(v8::Isolate* isolate,
diff --git a/fxjs/fxjs_v8.h b/fxjs/fxjs_v8.h
index bdcf425f53..d44af2f8fa 100644
--- a/fxjs/fxjs_v8.h
+++ b/fxjs/fxjs_v8.h
@@ -22,6 +22,7 @@
 #include <vector>
 
 #include "core/fxcrt/fx_string.h"
+
 #ifdef PDF_ENABLE_XFA
 // Header for CFXJSE_RuntimeData. FXJS_V8 doesn't interpret this class,
 // it is just passed along to XFA.