Changeset 246437 in webkit
- Timestamp:
- Jun 14, 2019 10:42:13 AM (5 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 3 edited
-
ChangeLog (modified) (1 diff)
-
Modules/webaudio/AudioContext.cpp (modified) (13 diffs)
-
Modules/webaudio/AudioContext.h (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r246436 r246437 1 2019-06-14 Jer Noble <jer.noble@apple.com> 2 3 CRASH(nullptr) in WebCore::jsAudioContextCurrentTime() 4 https://bugs.webkit.org/show_bug.cgi?id=198859 5 <rdar://problem/27986991> 6 7 Reviewed by Eric Carlson. 8 9 AudioContext's m_destinationNode can become null during iframe teardown, 10 but can AudioContext methods can still be called by JavaScript. Add null-checks 11 to all (remaing) unprotected dereferences of m_destinationNode. 12 13 * Modules/webaudio/AudioContext.cpp: 14 (WebCore::AudioContext::uninitialize): 15 (WebCore::AudioContext::createBufferSource): 16 (WebCore::AudioContext::createScriptProcessor): 17 (WebCore::AudioContext::createBiquadFilter): 18 (WebCore::AudioContext::createPanner): 19 (WebCore::AudioContext::createConvolver): 20 (WebCore::AudioContext::createDynamicsCompressor): 21 (WebCore::AudioContext::createAnalyser): 22 (WebCore::AudioContext::createGain): 23 (WebCore::AudioContext::createDelay): 24 (WebCore::AudioContext::createChannelSplitter): 25 (WebCore::AudioContext::createChannelMerger): 26 (WebCore::AudioContext::createOscillator): 27 * Modules/webaudio/AudioContext.h: 28 (WebCore::AudioContext::currentSampleFrame const): 29 (WebCore::AudioContext::currentTime const): 30 (WebCore::AudioContext::sampleRate const): 31 1 32 2019-06-14 Youenn Fablet <youenn@apple.com> 2 33 -
trunk/Source/WebCore/Modules/webaudio/AudioContext.cpp
r245889 r246437 268 268 269 269 // This stops the audio thread and all audio rendering. 270 m_destinationNode->uninitialize(); 270 if (m_destinationNode) 271 m_destinationNode->uninitialize(); 271 272 272 273 // Don't allow the context to initialize a second time after it's already been explicitly uninitialized. … … 442 443 443 444 lazyInitialize(); 444 Ref<AudioBufferSourceNode> node = AudioBufferSourceNode::create(*this, m_destinationNode->sampleRate());445 Ref<AudioBufferSourceNode> node = AudioBufferSourceNode::create(*this, sampleRate()); 445 446 446 447 // Because this is an AudioScheduledSourceNode, the context keeps a reference until it has finished playing. … … 578 579 return Exception { NotSupportedError }; 579 580 580 auto node = ScriptProcessorNode::create(*this, m_destinationNode->sampleRate(), bufferSize, numberOfInputChannels, numberOfOutputChannels);581 auto node = ScriptProcessorNode::create(*this, sampleRate(), bufferSize, numberOfInputChannels, numberOfOutputChannels); 581 582 582 583 refNode(node); // context keeps reference until we stop making javascript rendering callbacks … … 594 595 lazyInitialize(); 595 596 596 return BiquadFilterNode::create(*this, m_destinationNode->sampleRate());597 return BiquadFilterNode::create(*this, sampleRate()); 597 598 } 598 599 … … 618 619 619 620 lazyInitialize(); 620 return PannerNode::create(*this, m_destinationNode->sampleRate());621 return PannerNode::create(*this, sampleRate()); 621 622 } 622 623 … … 630 631 631 632 lazyInitialize(); 632 return ConvolverNode::create(*this, m_destinationNode->sampleRate());633 return ConvolverNode::create(*this, sampleRate()); 633 634 } 634 635 … … 642 643 643 644 lazyInitialize(); 644 return DynamicsCompressorNode::create(*this, m_destinationNode->sampleRate());645 return DynamicsCompressorNode::create(*this, sampleRate()); 645 646 } 646 647 … … 654 655 655 656 lazyInitialize(); 656 return AnalyserNode::create(*this, m_destinationNode->sampleRate());657 return AnalyserNode::create(*this, sampleRate()); 657 658 } 658 659 … … 666 667 667 668 lazyInitialize(); 668 return GainNode::create(*this, m_destinationNode->sampleRate());669 return GainNode::create(*this, sampleRate()); 669 670 } 670 671 … … 678 679 679 680 lazyInitialize(); 680 return DelayNode::create(*this, m_destinationNode->sampleRate(), maxDelayTime);681 return DelayNode::create(*this, sampleRate(), maxDelayTime); 681 682 } 682 683 … … 690 691 691 692 lazyInitialize(); 692 auto node = ChannelSplitterNode::create(*this, m_destinationNode->sampleRate(), numberOfOutputs);693 auto node = ChannelSplitterNode::create(*this, sampleRate(), numberOfOutputs); 693 694 if (!node) 694 695 return Exception { IndexSizeError }; … … 705 706 706 707 lazyInitialize(); 707 auto node = ChannelMergerNode::create(*this, m_destinationNode->sampleRate(), numberOfInputs);708 auto node = ChannelMergerNode::create(*this, sampleRate(), numberOfInputs); 708 709 if (!node) 709 710 return Exception { IndexSizeError }; … … 721 722 lazyInitialize(); 722 723 723 Ref<OscillatorNode> node = OscillatorNode::create(*this, m_destinationNode->sampleRate());724 Ref<OscillatorNode> node = OscillatorNode::create(*this, sampleRate()); 724 725 725 726 // Because this is an AudioScheduledSourceNode, the context keeps a reference until it has finished playing. -
trunk/Source/WebCore/Modules/webaudio/AudioContext.h
r244977 r246437 109 109 110 110 AudioDestinationNode* destination() { return m_destinationNode.get(); } 111 size_t currentSampleFrame() const { return m_destinationNode ->currentSampleFrame(); }112 double currentTime() const { return m_destinationNode ->currentTime(); }113 float sampleRate() const { return m_destinationNode ->sampleRate(); }111 size_t currentSampleFrame() const { return m_destinationNode ? m_destinationNode->currentSampleFrame() : 0; } 112 double currentTime() const { return m_destinationNode ? m_destinationNode->currentTime() : 0.; } 113 float sampleRate() const { return m_destinationNode ? m_destinationNode->sampleRate() : 0.f; } 114 114 unsigned long activeSourceCount() const { return static_cast<unsigned long>(m_activeSourceCount); } 115 115
Note: See TracChangeset
for help on using the changeset viewer.
