Crash when accessing OfflineAudioContext.length after failing to construct rendering AudioBuffer: Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000024 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [16605] Thread 0 Crashed: 0 com.apple.WebCore 0x000000014aad3f84 WTF::Vector<WTF::RefPtr<JSC::GenericTypedArrayView<JSC::Float32Adaptor>, WTF::RawPtrTraits<JSC::GenericTypedArrayView<JSC::Float32Adaptor> >, WTF::DefaultRefDerefTraits<JSC::GenericTypedArrayView<JSC::Float32Adaptor> > >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::end() const + 0 (Vector.h:733) [inlined] 1 com.apple.WebCore 0x000000014aad3f84 WebCore::AudioBuffer::hasDetachedChannelBuffer() const + 4 (AudioBuffer.cpp:250) 2 com.apple.WebCore 0x000000014ab18015 WebCore::AudioBuffer::length() const + 8 (AudioBuffer.h:57) [inlined] 3 com.apple.WebCore 0x000000014ab18015 WebCore::OfflineAudioContext::length() const + 21 (OfflineAudioContext.cpp:222) 4 com.apple.WebCore 0x000000014a4e7091 WebCore::jsOfflineAudioContext_lengthGetter(JSC::JSGlobalObject&, WebCore::JSOfflineAudioContext&) + 13 (JSOfflineAudioContext.cpp:260) [inlined] 5 com.apple.WebCore 0x000000014a4e7091 long long WebCore::IDLAttribute<WebCore::JSOfflineAudioContext>::get<&(WebCore::jsOfflineAudioContext_lengthGetter(JSC::JSGlobalObject&, WebCore::JSOfflineAudioContext&)), (WebCore::CastedThisErrorBehavior)3>(JSC::JSGlobalObject&, long long, char const*) + 13 (JSDOMAttribute.h:67) [inlined] 6 com.apple.WebCore 0x000000014a4e7091 WebCore::jsOfflineAudioContext_length(JSC::JSGlobalObject*, long long, JSC::PropertyName) + 17 (JSOfflineAudioContext.cpp:265)
<rdar://problem/71186978>
Created attachment 413704 [details] Patch
Committed r269632: <https://trac.webkit.org/changeset/269632> All reviewed patches have been landed. Closing bug and clearing flags on attachment 413704 [details].