RESOLVED FIXED 218754
Crash when accessing OfflineAudioContext.length after failing to construct rendering AudioBuffer
https://bugs.webkit.org/show_bug.cgi?id=218754
Chris Dumez
Reported 2020-11-10 08:41:43 PST
Crash when accessing OfflineAudioContext.length after failing to construct rendering AudioBuffer:

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000024
Exception Note:        EXC_CORPSE_NOTIFY
Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [16605]

Thread 0 Crashed:
0   com.apple.WebCore   0x000000014aad3f84   WTF::Vector<WTF::RefPtr<JSC::GenericTypedArrayView<JSC::Float32Adaptor>, WTF::RawPtrTraits<JSC::GenericTypedArrayView<JSC::Float32Adaptor> >, WTF::DefaultRefDerefTraits<JSC::GenericTypedArrayView<JSC::Float32Adaptor> > >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::end() const + 0 (Vector.h:733) [inlined]
1   com.apple.WebCore   0x000000014aad3f84   WebCore::AudioBuffer::hasDetachedChannelBuffer() const + 4 (AudioBuffer.cpp:250)
2   com.apple.WebCore   0x000000014ab18015   WebCore::AudioBuffer::length() const + 8 (AudioBuffer.h:57) [inlined]
3   com.apple.WebCore   0x000000014ab18015   WebCore::OfflineAudioContext::length() const + 21 (OfflineAudioContext.cpp:222)
4   com.apple.WebCore   0x000000014a4e7091   WebCore::jsOfflineAudioContext_lengthGetter(JSC::JSGlobalObject&, WebCore::JSOfflineAudioContext&) + 13 (JSOfflineAudioContext.cpp:260) [inlined]
5   com.apple.WebCore   0x000000014a4e7091   long long WebCore::IDLAttribute<WebCore::JSOfflineAudioContext>::get<&(WebCore::jsOfflineAudioContext_lengthGetter(JSC::JSGlobalObject&, WebCore::JSOfflineAudioContext&)), (WebCore::CastedThisErrorBehavior)3>(JSC::JSGlobalObject&, long long, char const*) + 13 (JSDOMAttribute.h:67) [inlined]
6   com.apple.WebCore   0x000000014a4e7091   WebCore::jsOfflineAudioContext_length(JSC::JSGlobalObject*, long long, JSC::PropertyName) + 17 (JSOfflineAudioContext.cpp:265)
Attachments
Patch (9.50 KB, patch), 2020-11-10 09:03 PST, Chris Dumez, no flags
Chris Dumez
Comment 1 2020-11-10 08:41:58 PST
Chris Dumez
Comment 2 2020-11-10 09:03:56 PST
EWS
Comment 3 2020-11-10 11:15:55 PST
Committed r269632: <https://trac.webkit.org/changeset/269632>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 413704.