RESOLVED FIXED 223445
Avoid heap allocation under PannerNode::pullInputs() 
https://bugs.webkit.org/show_bug.cgi?id=223445
Summary Avoid heap allocation under PannerNode::pullInputs()
Chris Dumez
Reported 2021-03-18 09:18:09 PDT
Avoid heap allocation under PannerNode::pullInputs(): Thread 10 Crashed:: offline renderer 0 com.apple.JavaScriptCore 0x0000000357d88aee 0x357d86000 + 10990 1 com.apple.JavaScriptCore 0x000000035952629b 0x357d86000 + 24773275 2 com.apple.JavaScriptCore 0x0000000357dc637b 0x357d86000 + 263035 3 com.apple.WebCore 0x0000000338910e15 WTF::Lock::operator new(unsigned long) + 21 (Lock.h:52) 4 com.apple.WebCore 0x0000000338910da4 std::__1::__unique_if<WTF::Lock>::__unique_single std::__1::make_unique<WTF::Lock>() + 36 (memory:2755) 5 com.apple.WebCore 0x00000003389106bb decltype(auto) WTF::makeUnique<WTF::Lock>() + 27 (StdLibExtras.h:507) 6 com.apple.WebCore 0x000000033ac6576d WTF::HashTable<WebCore::AudioNode*, WebCore::AudioNode*, WTF::IdentityExtractor, WTF::DefaultHash<WebCore::AudioNode*>, WTF::HashTraits<WebCore::AudioNode*>, WTF::HashTraits<WebCore::AudioNode*> >::HashTable() + 45 (HashTable.h:616) 7 com.apple.WebCore 0x000000033ac65735 WTF::HashTable<WebCore::AudioNode*, WebCore::AudioNode*, WTF::IdentityExtractor, WTF::DefaultHash<WebCore::AudioNode*>, WTF::HashTraits<WebCore::AudioNode*>, WTF::HashTraits<WebCore::AudioNode*> >::HashTable() + 21 (HashTable.h:621) 8 com.apple.WebCore 0x000000033ac65715 WTF::HashSet<WebCore::AudioNode*, WTF::DefaultHash<WebCore::AudioNode*>, WTF::HashTraits<WebCore::AudioNode*> >::HashSet() + 21 (HashSet.h:62) 9 com.apple.WebCore 0x000000033ac3a8e5 WTF::HashSet<WebCore::AudioNode*, WTF::DefaultHash<WebCore::AudioNode*>, WTF::HashTraits<WebCore::AudioNode*> >::HashSet() + 21 (HashSet.h:63) 10 com.apple.WebCore 0x000000033aca1f56 WebCore::PannerNode::pullInputs(unsigned long) + 102 (PannerNode.cpp:120) 11 com.apple.WebCore 0x000000033abdc4db WebCore::AudioNode::processIfNecessary(unsigned long) + 235 (AudioNode.cpp:461) 12 com.apple.WebCore 0x000000033abdee77 WebCore::AudioNodeOutput::pull(WebCore::AudioBus*, unsigned long) + 407 (AudioNodeOutput.cpp:124) 13 com.apple.WebCore 0x000000033abdec46 WebCore::AudioNodeInput::sumAllConnections(WebCore::AudioBus*, unsigned long) + 566 (AudioNodeInput.cpp:197) 14 com.apple.WebCore 0x000000033abd7477 WebCore::AudioNodeInput::pull(WebCore::AudioBus*, unsigned long) + 295 (AudioNodeInput.cpp:225) 15 com.apple.WebCore 0x000000033abd7015 WebCore::AudioDestinationNode::render(WebCore::AudioBus*, WebCore::AudioBus*, unsigned long, WebCore::AudioIOPosition const&) + 469 (AudioDestinationNode.cpp:94) 16 com.apple.WebCore 0x000000033ac9e11d WebCore::OfflineAudioDestinationNode::offlineRender() + 877 (OfflineAudioDestinationNode.cpp:164) 17 com.apple.WebCore 0x000000033acbe213 WebCore::OfflineAudioDestinationNode::startRendering(WTF::CompletionHandler<void (WTF::Optional<WebCore::Exception>&&)>&&)::$_2::operator()() + 35 (OfflineAudioDestinationNode.cpp:103) 18 com.apple.WebCore 0x000000033acbfbee WTF::Detail::CallableWrapper<WebCore::OfflineAudioDestinationNode::startRendering(WTF::CompletionHandler<void (WTF::Optional<WebCore::Exception>&&)>&&)::$_2, void>::call() + 30 (Function.h:52)
Attachments
Patch (14.18 KB, patch)
2021-03-18 09:24 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2021-03-18 09:24:21 PDT
Created attachment 423605 [details] Patch
EWS
Comment 2 2021-03-18 10:51:07 PDT
Committed r274650: <https://commits.webkit.org/r274650> All reviewed patches have been landed. Closing bug and clearing flags on attachment 423605 [details].
Radar WebKit Bug Importer
Comment 3 2021-03-18 10:52:20 PDT
<rdar://problem/75580369>
Note You need to log in before you can comment on or make changes to this bug.