224400 2021-04-09 16:52:05 -0700 Regression(r275668) Potential null pointer deref in AudioParam::exponentialRampToValueAtTime(float, double) 2021-04-10 15:41:29 -0700 1 1 1 Unclassified WebKit Web Audio WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 224279 1 cdumez cdumez cdumez darin eric.carlson ews-watchlist ggaren glenn jer.noble philipj rniwa sergio webkit-bug-importer oldest_to_newest 1748912 0 cdumez 2021-04-09 16:52:05 -0700 Potential null pointer deref in AudioParam::exponentialRampToValueAtTime(float, double): Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000128 Exception Note: EXC_CORPSE_NOTIFY Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00000001111a359a std::__1::unique_ptr<WebCore::AudioDestinationNode, std::__1::default_delete<WebCore::AudioDestinationNode> >::get() const + 0 (memory:2318) [inlined] 1 com.apple.WebCore 0x00000001111a359a WTF::UniqueRef<WebCore::AudioDestinationNode>::operator->() const + 0 (UniqueRef.h:71) [inlined] 2 com.apple.WebCore 0x00000001111a359a WebCore::BaseAudioContext::currentTime() const + 0 (BaseAudioContext.h:123) [inlined] 3 com.apple.WebCore 0x00000001111a359a WebCore::AudioParam::exponentialRampToValueAtTime(float, double) + 154 (AudioParam.cpp:190) 4 com.apple.WebCore 0x00000001107f5de8 WebCore::jsAudioParamPrototypeFunction_exponentialRampToValueAtTimeBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSAudioParam*) + 400 (JSAudioParam.cpp:379) [inlined] 5 com.apple.WebCore 0x00000001107f5de8 long long WebCore::IDLOperation<WebCore::JSAudioParam>::call<&(WebCore::jsAudioParamPrototypeFunction_exponentialRampToValueAtTimeBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSAudioParam*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) + 554 (JSDOMOperation.h:55) [inlined] 6 com.apple.WebCore 0x00000001107f5de8 WebCore::jsAudioParamPrototypeFunction_exponentialRampToValueAtTime(JSC::JSGlobalObject*, JSC::CallFrame*) + 584 (JSAudioParam.cpp:384) 1748913 1 cdumez 2021-04-09 16:52:19 -0700 <rdar://76450376> 1748917 2 425667 cdumez 2021-04-09 16:54:59 -0700 Created attachment 425667 Patch 1749032 3 425667 cdumez 2021-04-10 15:41:27 -0700 Comment on attachment 425667 Patch Clearing flags on attachment: 425667 Committed r275804 (236375@main): <https://commits.webkit.org/236375@main> 1749033 4 cdumez 2021-04-10 15:41:29 -0700 All reviewed patches have been landed. Closing bug. 425667 2021-04-09 16:54:59 -0700 2021-04-10 15:41:27 -0700 Patch bug-224400-20210409165458.patch text/plain 4239 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMjc1NzcxCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNDk5NmYwY2I1MDk4NTU3 M2I4MmE1NmRkMzUzYjE0ZWRhOTY1ZDRiNy4uMGU2Zjk4OGI4NmZjMDQ3YmQ4NGMwYzViNGM0ZTJk MjdkYzllYWQzOSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE5IEBACisyMDIxLTA0LTA5ICBDaHJp cyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CisKKyAgICAgICAgUmVncmVzc2lvbihyMjc1NjY4 KSBQb3RlbnRpYWwgbnVsbCBwb2ludGVyIGRlcmVmIGluIEF1ZGlvUGFyYW06OmV4cG9uZW50aWFs UmFtcFRvVmFsdWVBdFRpbWUoZmxvYXQsIGRvdWJsZSkKKyAgICAgICAgaHR0cHM6Ly9idWdzLndl YmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIyNDQwMAorICAgICAgICA8cmRhcjovLzc2NDUwMzc2 PgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEluIHIy NzU2NjgsIEkgYWRkZWQgbnVsbC1jaGVja3MgZm9yIHRoZSBBdWRpb0NvbnRleHQgaW4gQXVkaW9Q YXJhbSwgbm93IHRoYXQgaXQgaG9sZHMgYSBXZWFrUHRyIHRvIGl0cworICAgICAgICBjb250ZXh0 LiBIb3dldmVyLCBJIG1pc3NlZCBhIG51bGwtY2hlY2sgaW4gQXVkaW9QYXJhbTo6ZXhwb25lbnRp YWxSYW1wVG9WYWx1ZUF0VGltZSgpLiBUaGlzIHBhdGNoIGFkZHMKKyAgICAgICAgdGhlIG1pc3Np bmcgY2hlY2suCisKKyAgICAgICAgVGVzdDogd2ViYXVkaW8vQXVkaW9QYXJhbS9hdWRpb3BhcmFt LWV4cG9uZW50aWFsUmFtcFRvVmFsdWVBdFRpbWUtbm9jb250ZXh0LWNyYXNoLmh0bWwKKworICAg ICAgICAqIE1vZHVsZXMvd2ViYXVkaW8vQXVkaW9QYXJhbS5jcHA6CisKIDIwMjEtMDQtMDkgIENo cmlzIER1bWV6ICA8Y2R1bWV6QGFwcGxlLmNvbT4KIAogICAgICAgICBbIG1hY09TIF0gMyB3ZWJh dWRpby9PZmZsaW5lQXVkaW9Db250ZXh0LyBsYXlvdXQtdGVzdHMgYXJlIGZsYWtleSB0ZXh0IGZh aWx1cmVzCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9Nb2R1bGVzL3dlYmF1ZGlvL0F1ZGlv UGFyYW0uY3BwIGIvU291cmNlL1dlYkNvcmUvTW9kdWxlcy93ZWJhdWRpby9BdWRpb1BhcmFtLmNw cAppbmRleCA3MjE0YWI4YmZjMmRjMWM3Mzk3NDI3NzgzYzliMDhlY2IwNDQ2ZmNkLi5lNzgyZDE4 N2MxMDM2MjIwOTg5N2M3Y2YwYjY5MzY4ZDJlN2E2OGQ0IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2Vi Q29yZS9Nb2R1bGVzL3dlYmF1ZGlvL0F1ZGlvUGFyYW0uY3BwCisrKyBiL1NvdXJjZS9XZWJDb3Jl L01vZHVsZXMvd2ViYXVkaW8vQXVkaW9QYXJhbS5jcHAKQEAgLTE4Miw2ICsxODIsOSBAQCBFeGNl cHRpb25PcjxBdWRpb1BhcmFtJj4gQXVkaW9QYXJhbTo6bGluZWFyUmFtcFRvVmFsdWVBdFRpbWUo ZmxvYXQgdmFsdWUsIGRvdWJsZQogCiBFeGNlcHRpb25PcjxBdWRpb1BhcmFtJj4gQXVkaW9QYXJh bTo6ZXhwb25lbnRpYWxSYW1wVG9WYWx1ZUF0VGltZShmbG9hdCB2YWx1ZSwgZG91YmxlIGVuZFRp bWUpCiB7CisgICAgaWYgKCFjb250ZXh0KCkpCisgICAgICAgIHJldHVybiAqdGhpczsKKwogICAg IGlmICghdmFsdWUpCiAgICAgICAgIHJldHVybiBFeGNlcHRpb24geyBSYW5nZUVycm9yLCAidmFs dWUgY2Fubm90IGJlIDAiX3MgfTsKICAgICBpZiAoZW5kVGltZSA8IDApCmRpZmYgLS1naXQgYS9M YXlvdXRUZXN0cy9DaGFuZ2VMb2cgYi9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKaW5kZXggYTM2ZmIw YmM4Y2NjMmEwMTE2NzNjNmViNjM1MDk3NWI1Nzk2ZmQwMy4uYTFkZjJiMGYyOWJlZGFlZjU5NTYz ZjFlOTIyNTNjYjc2NGI2MTRmYSAxMDA2NDQKLS0tIGEvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCisr KyBiL0xheW91dFRlc3RzL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE2IEBACisyMDIxLTA0LTA5ICBD aHJpcyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CisKKyAgICAgICAgUmVncmVzc2lvbihyMjc1 NjY4KSBQb3RlbnRpYWwgbnVsbCBwb2ludGVyIGRlcmVmIGluIEF1ZGlvUGFyYW06OmV4cG9uZW50 aWFsUmFtcFRvVmFsdWVBdFRpbWUoZmxvYXQsIGRvdWJsZSkKKyAgICAgICAgaHR0cHM6Ly9idWdz LndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIyNDQwMAorICAgICAgICA8cmRhcjovLzc2NDUw Mzc2PgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEFk ZCBsYXlvdXQgdGVzdCBjb3ZlcmFnZS4KKworICAgICAgICAqIHdlYmF1ZGlvL0F1ZGlvUGFyYW0v YXVkaW9wYXJhbS1leHBvbmVudGlhbFJhbXBUb1ZhbHVlQXRUaW1lLW5vY29udGV4dC1jcmFzaC1l eHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAgICAqIHdlYmF1ZGlvL0F1ZGlvUGFyYW0vYXVkaW9w YXJhbS1leHBvbmVudGlhbFJhbXBUb1ZhbHVlQXRUaW1lLW5vY29udGV4dC1jcmFzaC5odG1sOiBB ZGRlZC4KKwogMjAyMS0wNC0wOSAgQ2hyaXMgRHVtZXogIDxjZHVtZXpAYXBwbGUuY29tPgogCiAg ICAgICAgIFsgbWFjT1MgXSAzIHdlYmF1ZGlvL09mZmxpbmVBdWRpb0NvbnRleHQvIGxheW91dC10 ZXN0cyBhcmUgZmxha2V5IHRleHQgZmFpbHVyZXMKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL3dl YmF1ZGlvL0F1ZGlvUGFyYW0vYXVkaW9wYXJhbS1leHBvbmVudGlhbFJhbXBUb1ZhbHVlQXRUaW1l LW5vY29udGV4dC1jcmFzaC1leHBlY3RlZC50eHQgYi9MYXlvdXRUZXN0cy93ZWJhdWRpby9BdWRp b1BhcmFtL2F1ZGlvcGFyYW0tZXhwb25lbnRpYWxSYW1wVG9WYWx1ZUF0VGltZS1ub2NvbnRleHQt Y3Jhc2gtZXhwZWN0ZWQudHh0Cm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAuLjNmYjI0MjQ2N2EzNzQxODVjY2QxYzU1ZThm MjJhODUwNmE1MmM1MzgKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0cy93ZWJhdWRpby9B dWRpb1BhcmFtL2F1ZGlvcGFyYW0tZXhwb25lbnRpYWxSYW1wVG9WYWx1ZUF0VGltZS1ub2NvbnRl eHQtY3Jhc2gtZXhwZWN0ZWQudHh0CkBAIC0wLDAgKzEsMTAgQEAKK01ha2Ugc3VyZSB3ZSBkb24n dCBjcmFzaCB3aGVuIGNhbGxpbmcgbGluZWFyUmFtcFRvVmFsdWVBdFRpbWUoKSBvbiBhbiBBdWRp b1BhcmFtIHRoYXQgbG9zdCBpdHMgQXVkaW9Db250ZXh0LgorCitPbiBzdWNjZXNzLCB5b3Ugd2ls bCBzZWUgYSBzZXJpZXMgb2YgIlBBU1MiIG1lc3NhZ2VzLCBmb2xsb3dlZCBieSAiVEVTVCBDT01Q TEVURSIuCisKKworUEFTUyBEaWQgbm90IGNyYXNoCitQQVNTIHN1Y2Nlc3NmdWxseVBhcnNlZCBp cyB0cnVlCisKK1RFU1QgQ09NUExFVEUKKwpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvd2ViYXVk aW8vQXVkaW9QYXJhbS9hdWRpb3BhcmFtLWV4cG9uZW50aWFsUmFtcFRvVmFsdWVBdFRpbWUtbm9j b250ZXh0LWNyYXNoLmh0bWwgYi9MYXlvdXRUZXN0cy93ZWJhdWRpby9BdWRpb1BhcmFtL2F1ZGlv cGFyYW0tZXhwb25lbnRpYWxSYW1wVG9WYWx1ZUF0VGltZS1ub2NvbnRleHQtY3Jhc2guaHRtbApu ZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwLi45YmQ0ZjhhODkwYzg0NmFlYzI3ZGFmZWQ1MDFjMzNlZWMyMDdiZDg5Ci0tLSAv ZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvd2ViYXVkaW8vQXVkaW9QYXJhbS9hdWRpb3BhcmFt LWV4cG9uZW50aWFsUmFtcFRvVmFsdWVBdFRpbWUtbm9jb250ZXh0LWNyYXNoLmh0bWwKQEAgLTAs MCArMSwxNCBAQAorPERPQ1RZUEUgaHRtbD4KKzxodG1sPgorPGJvZHk+Cis8c2NyaXB0IHNyYz0i Li4vLi4vcmVzb3VyY2VzL2pzLXRlc3QuanMiPjwvc2NyaXB0PgorPHNjcmlwdD4KK2Rlc2NyaXB0 aW9uKCJNYWtlIHN1cmUgd2UgZG9uJ3QgY3Jhc2ggd2hlbiBjYWxsaW5nIGxpbmVhclJhbXBUb1Zh bHVlQXRUaW1lKCkgb24gYW4gQXVkaW9QYXJhbSB0aGF0IGxvc3QgaXRzIEF1ZGlvQ29udGV4dC4i KTsKKworbGV0IGF1ZGlvUGFyYW0gPSBuZXcgT2ZmbGluZUF1ZGlvQ29udGV4dCgxLCAxLCAzMDAw KS5saXN0ZW5lci5mb3J3YXJkWDsKK2djKCk7CithdWRpb1BhcmFtLmV4cG9uZW50aWFsUmFtcFRv VmFsdWVBdFRpbWUoMSwgMCk7Cit0ZXN0UGFzc2VkKCJEaWQgbm90IGNyYXNoIik7Cis8L3Njcmlw dD4KKzwvYm9keT4KKzwvaHRtbD4K