From e4b035b722ad69d4a4357c54cd3c9f1f8574b067 Mon Sep 17 00:00:00 2001
From: Chris Palmer <palmer@chromium.org>
Date: Sun, 26 Mar 2017 15:48:34 -0700
Subject: Use PartitionAlloc for JavaScript ArrayBuffers and strings.

BUG=pdfium:681

Change-Id: I5073d80d9bd623b73e578d5ba2226c39c371bab0
Reviewed-on: https://pdfium-review.googlesource.com/3097
Commit-Queue: Chris Palmer <palmer@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
---
 fxjs/fxjs_v8.cpp | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

(limited to 'fxjs/fxjs_v8.cpp')

diff --git a/fxjs/fxjs_v8.cpp b/fxjs/fxjs_v8.cpp
index 5f9426b643..9c1c3e84f3 100644
--- a/fxjs/fxjs_v8.cpp
+++ b/fxjs/fxjs_v8.cpp
@@ -9,6 +9,7 @@
 #include <vector>
 
 #include "core/fxcrt/fx_basic.h"
+#include "third_party/base/allocator/partition_allocator/partition_alloc.h"
 
 // Keep this consistent with the values defined in gin/public/context_holder.h
 // (without actually requiring a dependency on gin itself for the standalone
@@ -144,15 +145,23 @@ static v8::Local<v8::ObjectTemplate> GetGlobalObjectTemplate(
 }
 
 void* FXJS_ArrayBufferAllocator::Allocate(size_t length) {
-  return length <= kMaxAllowedBytes ? calloc(1, length) : nullptr;
+  if (length > kMaxAllowedBytes)
+    return nullptr;
+  void* p = AllocateUninitialized(length);
+  if (p)
+    memset(p, 0, length);
+  return p;
 }
 
 void* FXJS_ArrayBufferAllocator::AllocateUninitialized(size_t length) {
-  return length < kMaxAllowedBytes ? malloc(length) : nullptr;
+  if (length > kMaxAllowedBytes)
+    return nullptr;
+  return pdfium::base::PartitionAllocGeneric(
+      gArrayBufferPartitionAllocator.root(), length, "FXJS_ArrayBuffer");
 }
 
 void FXJS_ArrayBufferAllocator::Free(void* data, size_t length) {
-  free(data);
+  pdfium::base::PartitionFree(data);
 }
 
 void V8TemplateMapTraits::Dispose(v8::Isolate* isolate,
-- 
cgit v1.2.3