Bug 139545

Summary: [Web Audio] Decoding specific .m4a file crashes tab
Product: WebKit Reporter: Ashley Gullen <ashley>
Component: Web AudioAssignee: Jer Noble <jer.noble>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, crogers, jer.noble
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: iPhone / iPad   
OS: iOS 8.1   
Bug Depends on:    
Bug Blocks: 160146    
Attachments:
Description Flags
Patch none

Ashley Gullen
Reported 2014-12-11 10:27:06 PST
Visit this URL in Safari on iOS 8.1.2: http://www.scirra.com/labs/bugs/audiodecodecrash/ It attempts to download a file called step1.m4a and decode it with a Web Audio context. It immediately crashes the tab. It should call either the decode success or failure callbacks, alerting either "Audio decode OK" or "Audio decode error".
Attachments
Patch (5.03 KB, patch)
2015-03-05 11:05 PST, Jer Noble 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2014-12-14 18:48:41 PST
I can reproduce on OS X, too. Thread 13 Crashed:: Audio Decoder 0 com.apple.JavaScriptCore 0x000000011095bf6e WTFCrash + 62 1 com.apple.WebCore 0x0000000111165799 WTF::CrashOnOverflow::overflowed() + 9 2 com.apple.WebCore 0x00000001111a0320 WTF::Checked<unsigned long, WTF::CrashOnOverflow>::Checked(WTF::ResultOverflowedTag) + 16 3 com.apple.WebCore 0x00000001111a0309 WTF::Checked<unsigned long, WTF::CrashOnOverflow>::Checked(WTF::ResultOverflowedTag) + 9 4 com.apple.WebCore 0x00000001111a02f9 WebCore::AudioArray<float>::allocate(WTF::Checked<unsigned long, WTF::CrashOnOverflow>) + 217 5 com.apple.WebCore 0x000000011119e104 WebCore::AudioBus::AudioBus(unsigned int, unsigned long, bool) + 260 6 com.apple.WebCore 0x000000011119dfe5 WebCore::AudioBus::create(unsigned int, unsigned long, bool) + 69 rdar://problem/18921312
Jer Noble
Comment 2 2015-03-05 11:05:45 PST
Created attachment 247970 [details] Patch
WebKit Commit Bot
Comment 3 2015-03-06 11:31:42 PST
Comment on attachment 247970 [details] Patch Clearing flags on attachment: 247970 Committed r181174: <http://trac.webkit.org/changeset/181174>
WebKit Commit Bot
Comment 4 2015-03-06 11:31:46 PST
All reviewed patches have been landed. Closing bug.
Alexey Proskuryakov
Comment 5 2016-07-24 11:31:32 PDT
This still reproduces on iOS, filed bug 160146.
Note You need to log in before you can comment on or make changes to this bug.