Avoid heap allocation under AudioParamTimeline::processSetTargetFollowedByRamp():

Thread 18 Crashed:: offline renderer
0 com.apple.JavaScriptCore 0x00000006a7bb82ce 0x6a7bb6000 + 8910
1 com.apple.JavaScriptCore 0x00000006a935ad5b 0x6a7bb6000 + 24792411
2 com.apple.JavaScriptCore 0x00000006a7bf5a0b 0x6a7bb6000 + 260619
3 com.apple.WebCore 0x000000068ab657a5 WebCore::AudioParamTimeline::ParamEvent::operator new(unsigned long) + 21 (AudioParamTimeline.h:67)
4 com.apple.WebCore 0x000000068ab65d09 WTF::UniqueRef<WebCore::AudioParamTimeline::ParamEvent> WTF::makeUniqueRefWithoutFastMallocCheck<WebCore::AudioParamTimeline::ParamEvent, WebCore::AudioParamTimeline::ParamEvent::Type, float&, WTF::Seconds&, int, WTF::Seconds, WTF::Vector<float, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, int, int, std::nullptr_t>(WebCore::AudioParamTimeline::ParamEvent::Type&&, float&, WTF::Seconds&, int&&, WTF::Seconds&&, WTF::Vector<float, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, int&&, int&&, std::nullptr_t&&) + 105 (UniqueRef.h:38)
5 com.apple.WebCore 0x000000068ab59ba0 WTF::UniqueRef<WebCore::AudioParamTimeline::ParamEvent> WTF::makeUniqueRef<WebCore::AudioParamTimeline::ParamEvent, WebCore::AudioParamTimeline::ParamEvent::Type, float&, WTF::Seconds&, int, WTF::Seconds, WTF::Vector<float, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, int, int, std::nullptr_t>(WebCore::AudioParamTimeline::ParamEvent::Type&&, float&, WTF::Seconds&, int&&, WTF::Seconds&&, WTF::Vector<float, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, int&&, int&&, std::nullptr_t&&) + 304 (UniqueRef.h:45)
6 com.apple.WebCore 0x000000068ab55c00 WebCore::AudioParamTimeline::ParamEvent::createSetValueEvent(float, WTF::Seconds) + 160 (AudioParamTimeline.cpp:905)
7 com.apple.WebCore 0x000000068ab57dfc WebCore::AudioParamTimeline::processSetTargetFollowedByRamp(int, WebCore::AudioParamTimeline::ParamEvent*&, WebCore::AudioParamTimeline::ParamEvent::Type, unsigned long, double, double, float&) + 684 (AudioParamTimeline.cpp:803)
8 com.apple.WebCore 0x000000068ab573fc WebCore::AudioParamTimeline::valuesForFrameRangeImpl(unsigned long, unsigned long, float, float*, unsigned int, double, double) + 1212 (AudioParamTimeline.cpp:414)
9 com.apple.WebCore 0x000000068ab54652 WebCore::AudioParamTimeline::valuesForFrameRange(unsigned long, unsigned long, float, float, float, float*, unsigned int, double, double) + 178 (AudioParamTimeline.cpp:354)
10 com.apple.WebCore 0x000000068ab544cb WebCore::AudioParam::calculateTimelineValues(float*, unsigned int) + 219 (AudioParam.cpp:312)
11 com.apple.WebCore 0x000000068ab53fe9 WebCore::AudioParam::calculateFinalValues(float*, unsigned int, bool) + 233 (AudioParam.cpp:263)
12 com.apple.WebCore 0x000000068ab543e5 WebCore::AudioParam::calculateSampleAccurateValues(float*, unsigned int) + 245 (AudioParam.cpp:249)
13 com.apple.WebCore 0x000000068abcbdc7 WebCore::GainNode::process(unsigned long) + 503 (GainNode.cpp:84)
14 com.apple.WebCore 0x000000068ab2972e WebCore::AudioNode::processIfNecessary(unsigned long) + 462 (AudioNode.cpp:474)
15 com.apple.WebCore 0x000000068ab2bfd7 WebCore::AudioNodeOutput::pull(WebCore::AudioBus*, unsigned long) + 407 (AudioNodeOutput.cpp:120)
16 com.apple.WebCore 0x000000068ab2bda6 WebCore::AudioNodeInput::sumAllConnections(WebCore::AudioBus*, unsigned long) + 566 (AudioNodeInput.cpp:193)
17 com.apple.WebCore 0x000000068ab245e7 WebCore::AudioNodeInput::pull(WebCore::AudioBus*, unsigned long) + 295 (AudioNodeInput.cpp:221)
18 com.apple.WebCore 0x000000068ab24185 WebCore::AudioDestinationNode::render(WebCore::AudioBus*, WebCore::AudioBus*, unsigned long, WebCore::AudioIOPosition const&) + 469 (AudioDestinationNode.cpp:94)
19 com.apple.WebCore 0x000000068abe0d3d WebCore::OfflineAudioDestinationNode::offlineRender() + 877 (OfflineAudioDestinationNode.cpp:163)
Created attachment 423646 [details] Patch
Committed r274686: <https://commits.webkit.org/r274686>
All reviewed patches have been landed. Closing bug and clearing flags on attachment 423646 [details].
<rdar://problem/75597040>