Changeset 214618 in webkit
- Timestamp:
- Mar 30, 2017 1:17:08 PM (7 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 4 edited
-
LayoutTests/ChangeLog (modified) (1 diff)
-
LayoutTests/webaudio/audiobuffer-crash-expected.txt (added)
-
LayoutTests/webaudio/audiobuffer-crash.html (added)
-
Source/WebCore/ChangeLog (modified) (1 diff)
-
Source/WebCore/Modules/webaudio/AudioBuffer.cpp (modified) (3 diffs)
-
Source/WebCore/Modules/webaudio/AudioBuffer.h (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r214613 r214618 1 2017-03-30 Eric Carlson <eric.carlson@apple.com> 2 3 [Crash] WebCore::AudioBuffer::AudioBuffer don't checking illegal value 4 https://bugs.webkit.org/show_bug.cgi?id=169956 5 6 Reviewed by Youenn Fablet. 7 8 * webaudio/audiobuffer-crash-expected.txt: Added. 9 * webaudio/audiobuffer-crash.html: Added. 10 1 11 2017-03-30 Simon Fraser <simon.fraser@apple.com> 2 12 -
trunk/Source/WebCore/ChangeLog
r214614 r214618 1 2017-03-30 Eric Carlson <eric.carlson@apple.com> 2 3 [Crash] WebCore::AudioBuffer::AudioBuffer don't checking illegal value 4 https://bugs.webkit.org/show_bug.cgi?id=169956 5 6 Reviewed by Youenn Fablet. 7 8 Test: webaudio/audiobuffer-crash.html 9 10 * Modules/webaudio/AudioBuffer.cpp: 11 (WebCore::AudioBuffer::AudioBuffer): Invalidate the object and return early if the channel 12 array allocation fails. 13 (WebCore::AudioBuffer::AudioBuffer): Ditto. 14 (WebCore::AudioBuffer::invalidate): Invalidate the object. 15 * Modules/webaudio/AudioBuffer.h: 16 1 17 2017-03-30 Antoine Quint <graouts@apple.com> 2 18 -
trunk/Source/WebCore/Modules/webaudio/AudioBuffer.cpp
r208209 r214618 44 44 if (sampleRate < 22050 || sampleRate > 96000 || numberOfChannels > AudioContext::maxNumberOfChannels() || !numberOfFrames) 45 45 return nullptr; 46 return adoptRef(*new AudioBuffer(numberOfChannels, numberOfFrames, sampleRate)); 46 47 auto buffer = adoptRef(*new AudioBuffer(numberOfChannels, numberOfFrames, sampleRate)); 48 if (!buffer->m_length) 49 return nullptr; 50 51 return WTFMove(buffer); 47 52 } 48 53 … … 62 67 63 68 for (unsigned i = 0; i < numberOfChannels; ++i) { 64 RefPtr<Float32Array> channelDataArray = Float32Array::create(m_length); 69 auto channelDataArray = Float32Array::create(m_length); 70 if (!channelDataArray) { 71 invalidate(); 72 break; 73 } 74 65 75 channelDataArray->setNeuterable(false); 66 m_channels.append( channelDataArray);76 m_channels.append(WTFMove(channelDataArray)); 67 77 } 68 78 } … … 77 87 for (unsigned i = 0; i < numberOfChannels; ++i) { 78 88 auto channelDataArray = Float32Array::create(m_length); 89 if (!channelDataArray) { 90 invalidate(); 91 break; 92 } 93 79 94 channelDataArray->setNeuterable(false); 80 95 channelDataArray->setRange(bus.channel(i)->data(), m_length, 0); 81 96 m_channels.append(WTFMove(channelDataArray)); 82 97 } 98 } 99 100 void AudioBuffer::invalidate() 101 { 102 releaseMemory(); 103 m_length = 0; 83 104 } 84 105 -
trunk/Source/WebCore/Modules/webaudio/AudioBuffer.h
r207050 r214618 70 70 explicit AudioBuffer(AudioBus&); 71 71 72 void invalidate(); 73 72 74 double m_gain { 1.0 }; // scalar gain 73 75 float m_sampleRate;
Note: See TracChangeset
for help on using the changeset viewer.
