Bug 223272

Summary: Avoid heap allocation under AudioDestinationCocoa::render()
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: Web AudioAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: calvaris, cdumez, darin, eric.carlson, ews-watchlist, ggaren, glenn, jer.noble, peng.liu6, philipj, pnormand, sam, sergio, vjaquez, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=223840
Bug Depends on:    
Bug Blocks: 223226    
Attachments:
Description Flags
Patch
none
Patch
ews-feeder: commit-queue-
Patch
none
Patch none

Chris Dumez
Reported 2021-03-16 12:45:40 PDT
Avoid heap allocation under AudioDestinationCocoa::render(): Thread 9 Crashed:: RemoteAudioDestinationProxy render thread 0 com.apple.JavaScriptCore 0x0000000527c4bb6e WTFCrash + 14 (Assertions.cpp:295) 1 com.apple.JavaScriptCore 0x00000005293e893b WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:671) 2 com.apple.JavaScriptCore 0x0000000527c892f7 WTF::fastMalloc(unsigned long) + 215 (FastMalloc.cpp:512) 3 com.apple.WebCore 0x00000005088cc075 WTF::Detail::CallableWrapperBase<void>::operator new(unsigned long) + 21 (Function.h:37) 4 com.apple.WebCore 0x000000050c80418b std::__1::__unique_if<WTF::Detail::CallableWrapper<WebCore::AudioDestinationCocoa::render(double, unsigned long long, unsigned int, AudioBufferList*)::$_19, void> >::__unique_single std::__1::make_unique<WTF::Detail::CallableWrapper<WebCore::AudioDestinationCocoa::render(double, unsigned long long, unsigned int, AudioBufferList*)::$_19, void>, WebCore::AudioDestinationCocoa::render(double, unsigned long long, unsigned int, AudioBufferList*)::$_19>(WebCore::AudioDestinationCocoa::render(double, unsigned long long, unsigned int, AudioBufferList*)::$_19&&) + 43 (memory:2755) 5 com.apple.WebCore 0x000000050c8040f6 decltype(auto) WTF::makeUnique<WTF::Detail::CallableWrapper<WebCore::AudioDestinationCocoa::render(double, unsigned long long, unsigned int, AudioBufferList*)::$_19, void>, WebCore::AudioDestinationCocoa::render(double, unsigned long long, unsigned int, AudioBufferList*)::$_19>(WebCore::AudioDestinationCocoa::render(double, unsigned long long, unsigned int, AudioBufferList*)::$_19&&) + 54 (StdLibExtras.h:507) 6 com.apple.WebCore 0x000000050c8040a0 WTF::Function<void ()>::Function<WebCore::AudioDestinationCocoa::render(double, unsigned long long, unsigned int, AudioBufferList*)::$_19, void>(WebCore::AudioDestinationCocoa::render(double, unsigned long long, unsigned int, AudioBufferList*)::$_19&&) + 48 (Function.h:74) 7 com.apple.WebCore 0x000000050c7fdb3d WTF::Function<void ()>::Function<WebCore::AudioDestinationCocoa::render(double, unsigned long long, unsigned int, AudioBufferList*)::$_19, void>(WebCore::AudioDestinationCocoa::render(double, unsigned long long, unsigned int, AudioBufferList*)::$_19&&) + 29 (Function.h:74) 8 com.apple.WebCore 0x000000050c7fd7f3 WebCore::AudioDestinationCocoa::render(double, unsigned long long, unsigned int, AudioBufferList*) + 659 (AudioDestinationCocoa.cpp:229) 9 com.apple.WebKit 0x00000004f9bd89ea WebKit::RemoteAudioDestinationProxy::renderQuantum() + 250 (RemoteAudioDestinationProxy.cpp:166) 10 com.apple.WebKit 0x00000004f9c0166f WebKit::RemoteAudioDestinationProxy::startRenderingThread()::$_10::operator()() + 95 (RemoteAudioDestinationProxy.cpp:87) 11 com.apple.WebKit 0x00000004f9c015de WTF::Detail::CallableWrapper<WebKit::RemoteAudioDestinationProxy::startRenderingThread()::$_10, void>::call() + 30 (Function.h:52) 12 com.apple.JavaScriptCore 0x0000000527c74172 WTF::Function<void ()>::operator()() const + 130 (Function.h:83) 13 com.apple.JavaScriptCore 0x0000000527d28948 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 424 (Threading.cpp:181) 14 com.apple.JavaScriptCore 0x0000000527d34ae8 WTF::wtfThreadEntryPoint(void*) + 24 (ThreadingPOSIX.cpp:241) 15 libsystem_pthread.dylib 0x00007fff20686954 _pthread_start + 224 16 libsystem_pthread.dylib 0x00007fff206824a7 thread_start + 15
Attachments
Patch (5.91 KB, patch)
2021-03-16 12:49 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (5.98 KB, patch)
2021-03-16 13:16 PDT, Chris Dumez 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (5.99 KB, patch)
2021-03-16 13:38 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (6.08 KB, patch)
2021-03-16 13:45 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2021-03-16 12:49:19 PDT
Created attachment 423382 [details] Patch
Chris Dumez
Comment 2 2021-03-16 13:16:50 PDT
Created attachment 423391 [details] Patch
Chris Dumez
Comment 3 2021-03-16 13:38:52 PDT
Created attachment 423393 [details] Patch
Peng Liu
Comment 4 2021-03-16 13:43:53 PDT
Comment on attachment 423393 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=423393&action=review > Source/WebCore/platform/audio/gstreamer/WebKitWebAudioSourceGStreamer.cpp:407 > if (!locker || !priv->dispatchToRenderThreadFunction) Do we need to do the same thing for GStreamer port as for Cocoa here?
Chris Dumez
Comment 5 2021-03-16 13:44:39 PDT
Comment on attachment 423393 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=423393&action=review >> Source/WebCore/platform/audio/gstreamer/WebKitWebAudioSourceGStreamer.cpp:407 >> if (!locker || !priv->dispatchToRenderThreadFunction) > > Do we need to do the same thing for GStreamer port as for Cocoa here? Oh, I missed that. Thanks.
Chris Dumez
Comment 6 2021-03-16 13:45:22 PDT
Created attachment 423394 [details] Patch
EWS
Comment 7 2021-03-16 15:52:18 PDT
Committed r274527: <https://commits.webkit.org/r274527> All reviewed patches have been landed. Closing bug and clearing flags on attachment 423394 [details].
Radar WebKit Bug Importer
Comment 8 2021-03-16 15:53:34 PDT
<rdar://problem/75498622>
Note You need to log in before you can comment on or make changes to this bug.