Do more rigorous bounds checking in AudioBufferSourceNode::renderFromBuffer()
Created attachment 105876 [details] Patch
Created attachment 105877 [details] Patch
Comment on attachment 105877 [details]
Patch

Clearing flags on attachment: 105877

Committed r94265: <http://trac.webkit.org/changeset/94265>
All reviewed patches have been landed. Closing bug.
It feels like this patch is lacking in the details that would be helpful in the future when someone has to look at this code and try to figure out why it was needed.

Here's what seems missing to me.

Why is more rigorous bounds checking needed?
Is it possible to hit this code or is it some theoretical defensive thing?
Why 4096? And why <= as opposed to < ?
(In reply to comment #5)
> It feels like this patch is lacking in the details that would be helpful in the future when someone has to look at this code and try to figure out why it was needed.
>
> Here's what seems missing to me.
>
> Why is more rigorous bounds checking needed?
> Is it possible to hit this code or is it some theoretical defensive thing?
> Why 4096? And why <= as opposed to < ?

I can add some more details in comments. In short, this is a defensive check which "probably" should not be possible to hit. The main problem pointed out to me was that there was the potential for integer overflow in the sanity check following this code. This check prevents the overflow from being possible.
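The class of problem described in the reply above, as an added illustration that is not part of the bug thread and is not WebKit's code: a range check that adds two unsigned values can wrap around and pass, and capping the operands first makes the wrap impossible. The function names, the 32-bit types and the choice of which values get capped are assumptions; only the bound 4096 and the `<=` comparison come from the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bound quoted in the thread; what exactly it caps in the patch is an assumption. */
#define MAX_FRAMES 4096u

/* Sanity check on its own (hypothetical): the sum is computed modulo 2^32,
 * so a huge offset plus a small count wraps to a small value and passes. */
bool range_ok_unchecked(uint32_t offset, uint32_t count, uint32_t length)
{
    return (uint32_t)(offset + count) <= length;
}

/* Same sanity check preceded by a defensive cap on both operands.
 * After the cap, offset + count is at most 8192, so it cannot wrap.
 * "<=" is used so that a request of exactly MAX_FRAMES is still accepted. */
bool range_ok_capped(uint32_t offset, uint32_t count, uint32_t length)
{
    bool operands_sane = offset <= MAX_FRAMES && count <= MAX_FRAMES;
    if (!operands_sane)
        return false;
    return offset + count <= length;
}

int main(void)
{
    /* Constructed inputs: a 1024-frame buffer and an out-of-range offset. */
    uint32_t length = 1024, offset = UINT32_MAX - 1, count = 16;

    printf("unchecked accepts wrapped range: %d\n",
           range_ok_unchecked(offset, count, length));
    printf("capped accepts wrapped range:    %d\n",
           range_ok_capped(offset, count, length));
    printf("capped accepts exact fit:        %d\n",
           range_ok_capped(1000, 24, length));
    return 0;
}
```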