Bug 223466

Summary: Avoid heap allocation under PannerNode::processSampleAccurateValues()
Product: WebKit
Reporter: Chris Dumez <cdumez>
Component: Web Audio
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: cdumez, darin, eric.carlson, ews-watchlist, ggaren, glenn, jer.noble, peng.liu6, philipj, sergio, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Bug Depends on:
Bug Blocks: 223226
Attachments: Patch (flags: none)

Chris Dumez
Reported 2021-03-18 12:20:00 PDT
Avoid heap allocation under PannerNode::processSampleAccurateValues():

Thread 19 Crashed:: offline renderer
0  com.apple.JavaScriptCore 0x0000000217bb82ce 0x217bb6000 + 8910
1  com.apple.JavaScriptCore 0x000000021935ad5b 0x217bb6000 + 24792411
2  com.apple.JavaScriptCore 0x0000000217bf5a0b 0x217bb6000 + 260619
3  com.apple.WebCore 0x00000001fab93ed5 WTF::RefCounted<WebCore::AudioListener, std::__1::default_delete<WebCore::AudioListener> >::operator new(unsigned long) + 21 (RefCounted.h:185)
4  com.apple.WebCore 0x00000001fab84e6b WebCore::AudioListener::create(WebCore::BaseAudioContext&) + 43 (AudioListener.h:49)
5  com.apple.WebCore 0x00000001fab84d2f WebCore::BaseAudioContext::listener() + 143 (BaseAudioContext.cpp:372)
6  com.apple.WebCore 0x00000001fabe4e90 WebCore::PannerNode::listener() + 32 (PannerNode.cpp:269)
7  com.apple.WebCore 0x00000001fabe5162 WebCore::PannerNode::processSampleAccurateValues(WebCore::AudioBus*, WebCore::AudioBus const*, unsigned long) + 402 (PannerNode.cpp:194)
8  com.apple.WebCore 0x00000001fabe4c82 WebCore::PannerNode::process(unsigned long) + 514 (PannerNode.cpp:141)
9  com.apple.WebCore 0x00000001fab2948e WebCore::AudioNode::processIfNecessary(unsigned long) + 462 (AudioNode.cpp:474)
10 com.apple.WebCore 0x00000001fab2bd37 WebCore::AudioNodeOutput::pull(WebCore::AudioBus*, unsigned long) + 407 (AudioNodeOutput.cpp:120)
11 com.apple.WebCore 0x00000001fab2bb06 WebCore::AudioNodeInput::sumAllConnections(WebCore::AudioBus*, unsigned long) + 566 (AudioNodeInput.cpp:193)
12 com.apple.WebCore 0x00000001fab24347 WebCore::AudioNodeInput::pull(WebCore::AudioBus*, unsigned long) + 295 (AudioNodeInput.cpp:221)
13 com.apple.WebCore 0x00000001fab23ee5 WebCore::AudioDestinationNode::render(WebCore::AudioBus*, WebCore::AudioBus*, unsigned long, WebCore::AudioIOPosition const&) + 469 (AudioDestinationNode.cpp:94)
14 com.apple.WebCore 0x00000001fabe0d2d WebCore::OfflineAudioDestinationNode::offlineRender() + 877 (OfflineAudioDestinationNode.cpp:163)
15 com.apple.WebCore 0x00000001fac00a43 WebCore::OfflineAudioDestinationNode::startRendering(WTF::CompletionHandler<void (WTF::Optional<WebCore::Exception>&&)>&&)::$_2::operator()() + 35 (OfflineAudioDestinationNode.cpp:103)
16 com.apple.WebCore 0x00000001fac0241e WTF::Detail::CallableWrapper<WebCore::OfflineAudioDestinationNode::startRendering(WTF::CompletionHandler<void (WTF::Optional<WebCore::Exception>&&)>&&)::$_2, void>::call() + 30 (Function.h:52)
17 com.apple.JavaScriptCore 0x0000000217be08c2 0x217bb6000 + 174274
18 com.apple.JavaScriptCore 0x0000000217c955c8 0x217bb6000 + 914888
19 com.apple.JavaScriptCore 0x0000000217ca16f8 0x217bb6000 + 964344
20 libsystem_pthread.dylib 0x00007fff2041f954 0x7fff20419000 + 26964
21 libsystem_pthread.dylib 0x00007fff2041b4a7 0x7fff20419000 + 9383
Attachments
Patch (10.50 KB, patch)
2021-03-18 13:11 PDT, Chris Dumez
no flags
Chris Dumez
Comment 1 2021-03-18 13:11:03 PDT
EWS
Comment 2 2021-03-18 15:53:57 PDT
Committed r274679: <https://commits.webkit.org/r274679> All reviewed patches have been landed. Closing bug and clearing flags on attachment 423640 [details].
Radar WebKit Bug Importer
Comment 3 2021-03-18 15:54:17 PDT