Bug 223477 - Avoid heap allocation under AudioParamTimeline::processSetTargetFollowedByRamp()
Summary: Avoid heap allocation under AudioParamTimeline::processSetTargetFollowedByRamp()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Audio
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks: 223226
Reported: 2021-03-18 13:50 PDT by Chris Dumez
Modified: 2021-03-18 16:40 PDT (History)

See Also:


Attachments
Patch (24.41 KB, patch)
2021-03-18 13:53 PDT, Chris Dumez
no flags

Description Chris Dumez 2021-03-18 13:50:35 PDT
Avoid heap allocation under AudioParamTimeline::processSetTargetFollowedByRamp():
Thread 18 Crashed:: offline renderer
0   com.apple.JavaScriptCore      	0x00000006a7bb82ce 0x6a7bb6000 + 8910
1   com.apple.JavaScriptCore      	0x00000006a935ad5b 0x6a7bb6000 + 24792411
2   com.apple.JavaScriptCore      	0x00000006a7bf5a0b 0x6a7bb6000 + 260619
3   com.apple.WebCore             	0x000000068ab657a5 WebCore::AudioParamTimeline::ParamEvent::operator new(unsigned long) + 21 (AudioParamTimeline.h:67)
4   com.apple.WebCore             	0x000000068ab65d09 WTF::UniqueRef<WebCore::AudioParamTimeline::ParamEvent> WTF::makeUniqueRefWithoutFastMallocCheck<WebCore::AudioParamTimeline::ParamEvent, WebCore::AudioParamTimeline::ParamEvent::Type, float&, WTF::Seconds&, int, WTF::Seconds, WTF::Vector<float, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, int, int, std::nullptr_t>(WebCore::AudioParamTimeline::ParamEvent::Type&&, float&, WTF::Seconds&, int&&, WTF::Seconds&&, WTF::Vector<float, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, int&&, int&&, std::nullptr_t&&) + 105 (UniqueRef.h:38)
5   com.apple.WebCore             	0x000000068ab59ba0 WTF::UniqueRef<WebCore::AudioParamTimeline::ParamEvent> WTF::makeUniqueRef<WebCore::AudioParamTimeline::ParamEvent, WebCore::AudioParamTimeline::ParamEvent::Type, float&, WTF::Seconds&, int, WTF::Seconds, WTF::Vector<float, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, int, int, std::nullptr_t>(WebCore::AudioParamTimeline::ParamEvent::Type&&, float&, WTF::Seconds&, int&&, WTF::Seconds&&, WTF::Vector<float, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, int&&, int&&, std::nullptr_t&&) + 304 (UniqueRef.h:45)
6   com.apple.WebCore             	0x000000068ab55c00 WebCore::AudioParamTimeline::ParamEvent::createSetValueEvent(float, WTF::Seconds) + 160 (AudioParamTimeline.cpp:905)
7   com.apple.WebCore             	0x000000068ab57dfc WebCore::AudioParamTimeline::processSetTargetFollowedByRamp(int, WebCore::AudioParamTimeline::ParamEvent*&, WebCore::AudioParamTimeline::ParamEvent::Type, unsigned long, double, double, float&) + 684 (AudioParamTimeline.cpp:803)
8   com.apple.WebCore             	0x000000068ab573fc WebCore::AudioParamTimeline::valuesForFrameRangeImpl(unsigned long, unsigned long, float, float*, unsigned int, double, double) + 1212 (AudioParamTimeline.cpp:414)
9   com.apple.WebCore             	0x000000068ab54652 WebCore::AudioParamTimeline::valuesForFrameRange(unsigned long, unsigned long, float, float, float, float*, unsigned int, double, double) + 178 (AudioParamTimeline.cpp:354)
10  com.apple.WebCore             	0x000000068ab544cb WebCore::AudioParam::calculateTimelineValues(float*, unsigned int) + 219 (AudioParam.cpp:312)
11  com.apple.WebCore             	0x000000068ab53fe9 WebCore::AudioParam::calculateFinalValues(float*, unsigned int, bool) + 233 (AudioParam.cpp:263)
12  com.apple.WebCore             	0x000000068ab543e5 WebCore::AudioParam::calculateSampleAccurateValues(float*, unsigned int) + 245 (AudioParam.cpp:249)
13  com.apple.WebCore             	0x000000068abcbdc7 WebCore::GainNode::process(unsigned long) + 503 (GainNode.cpp:84)
14  com.apple.WebCore             	0x000000068ab2972e WebCore::AudioNode::processIfNecessary(unsigned long) + 462 (AudioNode.cpp:474)
15  com.apple.WebCore             	0x000000068ab2bfd7 WebCore::AudioNodeOutput::pull(WebCore::AudioBus*, unsigned long) + 407 (AudioNodeOutput.cpp:120)
16  com.apple.WebCore             	0x000000068ab2bda6 WebCore::AudioNodeInput::sumAllConnections(WebCore::AudioBus*, unsigned long) + 566 (AudioNodeInput.cpp:193)
17  com.apple.WebCore             	0x000000068ab245e7 WebCore::AudioNodeInput::pull(WebCore::AudioBus*, unsigned long) + 295 (AudioNodeInput.cpp:221)
18  com.apple.WebCore             	0x000000068ab24185 WebCore::AudioDestinationNode::render(WebCore::AudioBus*, WebCore::AudioBus*, unsigned long, WebCore::AudioIOPosition const&) + 469 (AudioDestinationNode.cpp:94)
19  com.apple.WebCore             	0x000000068abe0d3d WebCore::OfflineAudioDestinationNode::offlineRender() + 877 (OfflineAudioDestinationNode.cpp:163)
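The backtrace above shows the offline rendering thread reaching `operator new` through `ParamEvent::createSetValueEvent` and `makeUniqueRef`, i.e. a heap allocation inside the real-time audio path. The following is an added illustration of that pattern and of the general remedy (returning the computed value without materialising a heap object); it is not WebKit's code or the landed patch, and every name in it (`demo::ParamEvent`, `SetTargetParams`, `rampStartEventHeap`, `rampStartValueNoAlloc`, `countAllocations`) is hypothetical. The class-specific `operator new` counter lets a unit test assert that the render path performs no allocation.

```cpp
// Added illustration, not WebKit code: a toy AudioParam timeline step that
// computes where a setTarget curve has reached when a following ramp begins.
// The "before" variant heap-allocates a temporary event (as the backtrace's
// createSetValueEvent -> makeUniqueRef -> operator new does); the "after"
// variant returns the value through an out-parameter with no allocation.
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <memory>
#include <new>

namespace demo {

// Instrument the event type's allocator so the render path can be checked
// for heap use (all names here are hypothetical, not WebCore's).
static std::size_t g_paramEventAllocations = 0;

struct ParamEvent {
    enum class Type { SetValue, SetTarget, LinearRamp };
    Type type;
    float value;
    double time;

    static void* operator new(std::size_t size) {
        ++g_paramEventAllocations;
        return ::operator new(size);
    }
    static void operator delete(void* p) noexcept { ::operator delete(p); }
};

struct SetTargetParams {
    float startValue;    // value when the setTarget event took effect
    float target;        // value being approached
    double startTime;    // seconds
    double timeConstant; // seconds
};

// Exponential approach defined by the Web Audio setTargetAtTime automation:
// v(t) = target + (v0 - target) * exp(-(t - t0) / tau).
inline float setTargetValueAt(const SetTargetParams& p, double t) {
    if (t <= p.startTime)
        return p.startValue;
    double decay = std::exp(-(t - p.startTime) / p.timeConstant);
    return p.target + static_cast<float>((p.startValue - p.target) * decay);
}

// "Before": materialise the ramp's implicit start point as a heap-allocated
// SetValue event. Calling the allocator from the real-time render thread can
// block on the heap lock or a page fault and cause an audio glitch.
inline std::unique_ptr<ParamEvent> rampStartEventHeap(const SetTargetParams& p, double rampStartTime) {
    float v = setTargetValueAt(p, rampStartTime);
    return std::unique_ptr<ParamEvent>(new ParamEvent{ParamEvent::Type::SetValue, v, rampStartTime});
}

// "After": the same result delivered through an out-parameter (compare the
// trailing float& in the backtrace's signature); no allocation on this path.
inline void rampStartValueNoAlloc(const SetTargetParams& p, double rampStartTime, float& outValue) {
    outValue = setTargetValueAt(p, rampStartTime);
}

// Run a callable and report how many ParamEvent heap allocations it made;
// a test covering the render path should expect zero.
template <typename F>
std::size_t countAllocations(F&& f) {
    std::size_t before = g_paramEventAllocations;
    f();
    return g_paramEventAllocations - before;
}

} // namespace demo

int main() {
    // Constructed sample: start at 1.0, approach 0.0 with a 1 s time constant,
    // and a ramp that begins 1 s later.
    demo::SetTargetParams p{1.0f, 0.0f, 0.0, 1.0};
    float v = 0;
    std::size_t heapAllocs = demo::countAllocations([&] {
        auto e = demo::rampStartEventHeap(p, 1.0);
        v = e->value;
    });
    std::size_t noAllocAllocs = demo::countAllocations([&] { demo::rampStartValueNoAlloc(p, 1.0, v); });
    std::printf("rampStart=%f heapAllocs=%zu noAllocAllocs=%zu\n", v, heapAllocs, noAllocAllocs);
    return 0;
}
```

The allocation counter is the useful part for a reviewer: a test that wraps the render step in `countAllocations` and asserts zero turns "no heap allocation on the audio thread" from a code-review convention into a regression check.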
Comment 1 Chris Dumez 2021-03-18 13:53:03 PDT
Created attachment 423646
Patch
Comment 2 EWS 2021-03-18 16:39:09 PDT
Committed r274686: <https://commits.webkit.org/r274686>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 423646.
Comment 3 Radar WebKit Bug Importer 2021-03-18 16:40:15 PDT
<rdar://problem/75597040>