Bug 223452 - Avoid heap allocation under AudioWorkletNode::process()
Summary: Avoid heap allocation under AudioWorkletNode::process()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Audio (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks: 223226
Reported: 2021-03-18 10:33 PDT by Chris Dumez
Modified: 2021-03-18 15:43 PDT (History)

See Also:


Attachments
Patch (3.91 KB, patch)
2021-03-18 10:44 PDT, Chris Dumez
Patch (3.95 KB, patch)
2021-03-18 14:00 PDT, Chris Dumez
Patch (3.93 KB, patch)
2021-03-18 14:35 PDT, Chris Dumez

Description Chris Dumez 2021-03-18 10:33:19 PDT
Avoid heap allocation under AudioWorkletNode::process():
Thread 18 Crashed:: WebCore: AudioWorklet
0   com.apple.JavaScriptCore            0x000000079fd74aee 0x79fd72000 + 10990
1   com.apple.JavaScriptCore            0x00000007a151229b 0x79fd72000 + 24773275
2   com.apple.JavaScriptCore            0x000000079fdb2a5f 0x79fd72000 + 264799
3   com.apple.WebCore                   0x0000000782bfadb5 WebCore::AudioArray<float>::resize(WTF::Checked<unsigned long, WTF::CrashOnOverflow>) + 133 (AudioArray.h:65)
4   com.apple.WebCore                   0x0000000782c33965 WebCore::AudioWorkletNode::process(unsigned long) + 1333 (AudioWorkletNode.cpp:217)
5   com.apple.WebCore                   0x0000000782bd8c8e WebCore::AudioNode::processIfNecessary(unsigned long) + 462 (AudioNode.cpp:474)
6   com.apple.WebCore                   0x0000000782bdb547 WebCore::AudioNodeOutput::pull(WebCore::AudioBus*, unsigned long) + 407 (AudioNodeOutput.cpp:124)
7   com.apple.WebCore                   0x0000000782bdb316 WebCore::AudioNodeInput::sumAllConnections(WebCore::AudioBus*, unsigned long) + 566 (AudioNodeInput.cpp:197)
8   com.apple.WebCore                   0x0000000782bd3b47 WebCore::AudioNodeInput::pull(WebCore::AudioBus*, unsigned long) + 295 (AudioNodeInput.cpp:225)
9   com.apple.WebCore                   0x0000000782bd36e5 WebCore::AudioDestinationNode::render(WebCore::AudioBus*, WebCore::AudioBus*, unsigned long, WebCore::AudioIOPosition const&) + 469 (AudioDestinationNode.cpp:94)
10  com.apple.WebCore                   0x0000000782c9a7ad WebCore::OfflineAudioDestinationNode::offlineRender() + 877 (OfflineAudioDestinationNode.cpp:164)
11  com.apple.WebCore                   0x0000000782cba4c3 WebCore::OfflineAudioDestinationNode::startRendering(WTF::CompletionHandler<void (WTF::Optional<WebCore::Exception>&&)>&&)::$_2::operator()() + 35 (OfflineAudioDestinationNode.cpp:103)
12  com.apple.WebCore                   0x0000000782cba499 WebCore::OfflineAudioDestinationNode::startRendering(WTF::CompletionHandler<void (WTF::Optional<WebCore::Exception>&&)>&&)::$_3::operator()(WebCore::ScriptExecutionContext&) + 25 (OfflineAudioDestinationNode.cpp:124)
13  com.apple.WebCore                   0x0000000782cba3f3 WTF::Detail::CallableWrapper<WebCore::OfflineAudioDestinationNode::startRendering(WTF::CompletionHandler<void (WTF::Optional<WebCore::Exception>&&)>&&)::$_3, void, WebCore::ScriptExecutionContext&>::call(WebCore::ScriptExecutionContext&) + 51 (Function.h:52)
14  com.apple.WebCore                   0x0000000782f1cdaa WTF::Function<void (WebCore::ScriptExecutionContext&)>::operator()(WebCore::ScriptExecutionContext&) const + 154 (Function.h:83)
15  com.apple.WebCore                   0x0000000782f13e9d WebCore::ScriptExecutionContext::Task::performTask(WebCore::ScriptExecutionContext&) + 29 (ScriptExecutionContext.h:192)
16  com.apple.WebCore                   0x00000007856aef90 WebCore::WorkerRunLoop::Task::performTask(WebCore::WorkerOrWorkletGlobalScope*) + 128 (WorkerRunLoop.cpp:270)
Comment 1 Chris Dumez 2021-03-18 10:44:32 PDT
Created attachment 423615 [details]
Patch
Comment 2 Peng Liu 2021-03-18 13:59:36 PDT
Comment on attachment 423615 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=423615&action=review

> Source/WebCore/ChangeLog:8
> +        Always use arrays of size 128 (render quantum) for AudioParam values. We use to

Nit. s/use to/used to/g
Comment 3 Chris Dumez 2021-03-18 14:00:57 PDT
Created attachment 423650 [details]
Patch
Comment 4 Darin Adler 2021-03-18 14:33:07 PDT
Comment on attachment 423650 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=423650&action=review

> Source/WebCore/ChangeLog:26
> +        behavior is thus consistant with Blink.

consistent

> Source/WebCore/Modules/webaudio/AudioWorkletNode.cpp:215
> +            std::fill(paramValues->data(), paramValues->data() + framesToProcess, audioParam->finalValue());
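Review bot: this fill writes `framesToProcess` values into `paramValues`, which the ChangeLog hunk above says is now always a fixed 128-element (render quantum) array; add an assertion that `framesToProcess` does not exceed that size next to the fill, so a larger frame count fails loudly instead of writing past the end of the array.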

How about using std::fill_n instead?
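Added illustration of the shape of this fix, not WebKit's code: the crash trace in the description shows `AudioArray::resize` being called from `process()` on the audio thread, and the patch instead sizes the per-parameter arrays to the 128-frame render quantum ahead of time so that `process()` only fills them. `Param`, `ResizingParamBuffer` and `FixedParamBuffer` are constructed stand-ins for the real WebKit types.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <vector>

// Constructed illustration of the pattern in r274677; names are stand-ins, not WebKit's.
constexpr size_t kRenderQuantumFrames = 128;   // Web Audio render quantum

// Minimal stand-in for an AudioParam: a single value for the whole quantum,
// or a per-frame automation curve when hasSampleAccurateValues is set.
struct Param {
    bool hasSampleAccurateValues = false;
    float finalValue = 0.0f;
    std::array<float, kRenderQuantumFrames> curve{};
};

// BEFORE (the crashing shape): the buffer is (re)sized inside process(), so
// the real-time audio thread can end up in the allocator, as in the trace.
struct ResizingParamBuffer {
    std::vector<float> values;
    size_t allocations = 0;  // counts capacity growth, i.e. heap allocations
    void fill(const Param& p, size_t framesToProcess) {
        if (values.capacity() < framesToProcess) ++allocations;
        values.resize(framesToProcess);
        std::fill_n(values.data(), framesToProcess, p.finalValue);
    }
};

// AFTER: the buffer gets its render-quantum size once, at construction (off
// the audio thread); process() only writes into it and never grows it.
class FixedParamBuffer {
public:
    FixedParamBuffer() : values_(kRenderQuantumFrames) {}
    // Refuses, rather than writing past the fixed buffer, if asked for more frames.
    bool fill(const Param& p, size_t framesToProcess) {
        if (framesToProcess > values_.size()) return false;
        if (p.hasSampleAccurateValues)
            std::copy_n(p.curve.data(), framesToProcess, values_.data());
        else
            std::fill_n(values_.data(), framesToProcess, p.finalValue);
        return true;
    }
    size_t capacity() const { return values_.capacity(); }
    const std::vector<float>& values() const { return values_; }
private:
    std::vector<float> values_;
};
```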
Comment 5 Chris Dumez 2021-03-18 14:35:35 PDT
Created attachment 423659 [details]
Patch
Comment 6 EWS 2021-03-18 15:42:32 PDT
Committed r274677: <https://commits.webkit.org/r274677>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 423659 [details].
Comment 7 Radar WebKit Bug Importer 2021-03-18 15:43:14 PDT
<rdar://problem/75594322>