Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/9632375c6aac

# HG changeset patch
# User Jeff Gilbert <jdashg@gmail.com>
# Date 1453320785 28800
# Node ID 9632375c6aacbf673b996b53231d70b91e480fb5
# Parent  ee68c3dae5f639fdd439f69ef2f724067fce0ea6
Limit max buffers size for ANGLE. r=jrmuizel a=lizzard

diff --git a/dom/canvas/WebGLContextBuffers.cpp b/dom/canvas/WebGLContextBuffers.cpp
--- a/dom/canvas/WebGLContextBuffers.cpp
+++ b/dom/canvas/WebGLContextBuffers.cpp
@@ -164,16 +164,19 @@ WebGLContext::BufferData(GLenum target, 
 
     if (!ValidateBufferUsageEnum(usage, "bufferData: usage"))
         return;
 
     // careful: WebGLsizeiptr is always 64-bit, but GLsizeiptr is like intptr_t.
     if (!CheckedInt<GLsizeiptr>(size).isValid())
         return ErrorOutOfMemory("bufferData: bad size");
 
+    if (gl->IsANGLE() && size > UINT32_MAX)
+        return ErrorOutOfMemory("bufferData: size too large");
+
     WebGLBuffer* boundBuffer = bufferSlot.get();
 
     if (!boundBuffer)
         return ErrorInvalidOperation("bufferData: no buffer bound!");
 
     UniquePtr<uint8_t> zeroBuffer((uint8_t*)moz_calloc(size, 1));
     if (!zeroBuffer)
         return ErrorOutOfMemory("bufferData: out of memory");
@@ -216,16 +219,19 @@ WebGLContext::BufferData(GLenum target,
     const dom::ArrayBuffer& data = maybeData.Value();
     data.ComputeLengthAndData();
 
     // Careful: data.Length() could conceivably be any uint32_t, but GLsizeiptr
     // is like intptr_t.
     if (!CheckedInt<GLsizeiptr>(data.Length()).isValid())
         return ErrorOutOfMemory("bufferData: bad size");
 
+    if (gl->IsANGLE() && data.Length() > UINT32_MAX)
+        return ErrorOutOfMemory("bufferData: size too large");
+
     if (!ValidateBufferUsageEnum(usage, "bufferData: usage"))
         return;
 
     WebGLBuffer* boundBuffer = bufferSlot.get();
 
     if (!boundBuffer)
         return ErrorInvalidOperation("bufferData: no buffer bound!");
 
@@ -267,16 +273,19 @@ WebGLContext::BufferData(GLenum target, 
 
     data.ComputeLengthAndData();
 
     // Careful: data.Length() could conceivably be any uint32_t, but GLsizeiptr
     // is like intptr_t.
     if (!CheckedInt<GLsizeiptr>(data.Length()).isValid())
         return ErrorOutOfMemory("bufferData: bad size");
 
+    if (gl->IsANGLE() && data.Length() > UINT32_MAX)
+        return ErrorOutOfMemory("bufferData: size too large");
+
     InvalidateBufferFetching();
     MakeContextCurrent();
 
     GLenum error = CheckedBufferData(target, data.Length(), data.Data(), usage);
     if (error) {
         GenerateWarning("bufferData generated error %s", ErrorName(error));
         return;
     }