Bug 223230

Summary:

Avoid heap allocation under AudioSummingJunction::updateRenderingState()

Product:

WebKit

Reporter:

Chris Dumez <cdumez>

Component:

Web Audio

Assignee:

Chris Dumez <cdumez>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

cdumez, darin, eric.carlson, ews-watchlist, ggaren, glenn, jer.noble, peng.liu6, philipj, sergio, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Bug Depends on:

Bug Blocks:

223226

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	none

Chris Dumez

Reported 2021-03-15 18:05:14 PDT

Avoid heap allocation under AudioSummingJunction::updateRenderingState(), since this runs on the audio thread: Thread 9 Crashed:: offline renderer 0 com.apple.JavaScriptCore 0x00000003d7c3ff4e WTFCrash + 14 (Assertions.cpp:295) 1 com.apple.JavaScriptCore 0x00000003d93dc99b WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:671) 2 com.apple.JavaScriptCore 0x00000003d7c7d607 WTF::fastMalloc(unsigned long) + 215 (FastMalloc.cpp:496) 3 com.apple.WebCore 0x00000003b88bce75 WTF::FastMalloc::malloc(unsigned long) + 21 (FastMalloc.h:246) 4 com.apple.WebCore 0x00000003babdcae2 bool WTF::VectorBufferBase<WebCore::AudioNodeOutput*, WTF::FastMalloc>::allocateBuffer<(WTF::FailureAction)0>(unsigned long) + 178 (Vector.h:301) 5 com.apple.WebCore 0x00000003babdc931 bool WTF::Vector<WebCore::AudioNodeOutput*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::reserveCapacity<(WTF::FailureAction)0>(unsigned long) + 113 (Vector.h:1195) 6 com.apple.WebCore 0x00000003babdc860 bool WTF::Vector<WebCore::AudioNodeOutput*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::expandCapacity<(WTF::FailureAction)0>(unsigned long) + 112 (Vector.h:1056) 7 com.apple.WebCore 0x00000003babca944 WTF::Vector<WebCore::AudioNodeOutput*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::resize(unsigned long) + 148 (Vector.h:1102) 8 com.apple.WebCore 0x00000003babca798 WebCore::AudioSummingJunction::updateRenderingState() + 280 (AudioSummingJunction.cpp:81) 9 com.apple.WebCore 0x00000003babf5b97 WebCore::BaseAudioContext::handleDirtyAudioSummingJunctions() + 247 (BaseAudioContext.cpp:852) 10 com.apple.WebCore 0x00000003babf5a47 WebCore::BaseAudioContext::handlePreRenderTasks(WebCore::AudioIOPosition const&) + 151 (BaseAudioContext.cpp:701) 11 com.apple.WebCore 0x00000003bab8ddd3 WebCore::AudioDestinationNode::render(WebCore::AudioBus*, WebCore::AudioBus*, unsigned long, WebCore::AudioIOPosition const&) + 307 (AudioDestinationNode.cpp:81) 12 com.apple.WebCore 0x00000003bac5483d WebCore::OfflineAudioDestinationNode::offlineRender() + 877 (OfflineAudioDestinationNode.cpp:164) 13 com.apple.WebCore 0x00000003bac74939 WebCore::OfflineAudioDestinationNode::startRendering(WTF::CompletionHandler<void (WTF::Optional<WebCore::Exception>&&)>&&)::$_2::operator()() + 41 (OfflineAudioDestinationNode.cpp:104) 14 com.apple.WebCore 0x00000003bac7630e WTF::Detail::CallableWrapper<WebCore::OfflineAudioDestinationNode::startRendering(WTF::CompletionHandler<void (WTF::Optional<WebCore::Exception>&&)>&&)::$_2, void>::call() + 30 (Function.h:52) 15 com.apple.JavaScriptCore 0x00000003d7c68552 WTF::Function<void ()>::operator()() const + 130 (Function.h:83) 16 com.apple.JavaScriptCore 0x00000003d7d1cba8 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 424 (Threading.cpp:181) 17 com.apple.JavaScriptCore 0x00000003d7d28d48 WTF::wtfThreadEntryPoint(void*) + 24 (ThreadingPOSIX.cpp:241) 18 libsystem_pthread.dylib 0x00007fff20686954 _pthread_start + 224 19 libsystem_pthread.dylib 0x00007fff206824a7 thread_start + 15

Attachments
Patch (3.45 KB, patch) 2021-03-15 18:08 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
Patch (3.57 KB, patch) 2021-03-15 19:03 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
Patch (3.43 KB, patch) 2021-03-16 16:59 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Chris Dumez

Comment 1 2021-03-15 18:08:40 PDT

Created attachment 423275 [details] Patch

Chris Dumez

Comment 2 2021-03-15 19:03:40 PDT

Created attachment 423280 [details] Patch

Darin Adler

Comment 3 2021-03-16 14:24:12 PDT

Comment on attachment 423280 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=423280&action=review > Source/WebCore/Modules/webaudio/AudioSummingJunction.h:87 > + Optional<Vector<AudioNodeOutput*>> m_pendingRenderingOutputs; I don’t see why we have to use Optional here. If we used an empty vector instead, and replaced the checks for null with checks for an empty vector, I think all the code above would still be correct. We could then remove the special case for null/empty from updateRenderingState.

Chris Dumez

Comment 4 2021-03-16 16:59:22 PDT

Created attachment 423417 [details] Patch

EWS

Comment 5 2021-03-16 17:52:15 PDT

Committed r274541: <https://commits.webkit.org/r274541> All reviewed patches have been landed. Closing bug and clearing flags on attachment 423417 [details].

Radar WebKit Bug Importer

Comment 6 2021-03-16 17:53:15 PDT

<rdar://problem/75503829>

Note You need to log in before you can comment on or make changes to this bug.