RESOLVED FIXED 139545
[Web Audio] Decoding specific .m4a file crashes tab 
https://bugs.webkit.org/show_bug.cgi?id=139545
Summary [Web Audio] Decoding specific .m4a file crashes tab
Ashley Gullen
Reported 2014-12-11 10:27:06 PST
Visit this URL in Safari on iOS 8.1.2: http://www.scirra.com/labs/bugs/audiodecodecrash/ It attempts to download a file called step1.m4a and decode it with a Web Audio context. It immediately crashes the tab. It should call either the decode success or failure callbacks, alerting either "Audio decode OK" or "Audio decode error".
Attachments
Patch (5.03 KB, patch)
2015-03-05 11:05 PST, Jer Noble 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2014-12-14 18:48:41 PST
I can reproduce on OS X, too. Thread 13 Crashed:: Audio Decoder 0 com.apple.JavaScriptCore 0x000000011095bf6e WTFCrash + 62 1 com.apple.WebCore 0x0000000111165799 WTF::CrashOnOverflow::overflowed() + 9 2 com.apple.WebCore 0x00000001111a0320 WTF::Checked<unsigned long, WTF::CrashOnOverflow>::Checked(WTF::ResultOverflowedTag) + 16 3 com.apple.WebCore 0x00000001111a0309 WTF::Checked<unsigned long, WTF::CrashOnOverflow>::Checked(WTF::ResultOverflowedTag) + 9 4 com.apple.WebCore 0x00000001111a02f9 WebCore::AudioArray<float>::allocate(WTF::Checked<unsigned long, WTF::CrashOnOverflow>) + 217 5 com.apple.WebCore 0x000000011119e104 WebCore::AudioBus::AudioBus(unsigned int, unsigned long, bool) + 260 6 com.apple.WebCore 0x000000011119dfe5 WebCore::AudioBus::create(unsigned int, unsigned long, bool) + 69 rdar://problem/18921312
Jer Noble
Comment 2 2015-03-05 11:05:45 PST
Created attachment 247970 [details] Patch
WebKit Commit Bot
Comment 3 2015-03-06 11:31:42 PST
Comment on attachment 247970 [details] Patch Clearing flags on attachment: 247970 Committed r181174: <http://trac.webkit.org/changeset/181174>
WebKit Commit Bot
Comment 4 2015-03-06 11:31:46 PST
All reviewed patches have been landed. Closing bug.
Alexey Proskuryakov
Comment 5 2016-07-24 11:31:32 PDT
This still reproduces on iOS, filed bug 160146.
Note You need to log in before you can comment on or make changes to this bug.