Changeset 90839 in webkit


Timestamp:
Jul 12, 2011 12:16:53 PM (13 years ago)
Author:
crogers@google.com
Message:

2011-07-12 Chris Rogers <crogers@google.com>

webkitAudioContext does not do proper sanity checking on its arguments.
https://bugs.webkit.org/show_bug.cgi?id=64076

Reviewed by Kenneth Russell.

No new tests since audio API is not yet implemented.

  • bindings/js/JSAudioContextCustom.cpp: (WebCore::JSAudioContextConstructor::constructJSAudioContext): (WebCore::JSAudioContext::createBuffer):
  • bindings/v8/custom/V8AudioContextCustom.cpp: (WebCore::V8AudioContext::constructorCallback): (WebCore::V8AudioContext::createBufferCallback):
  • platform/audio/HRTFDatabaseLoader.h: (WebCore::HRTFDatabaseLoader::databaseSampleRate):
  • webaudio/AudioContext.cpp: (WebCore::AudioContext::create): (WebCore::AudioContext::createOfflineContext): (WebCore::AudioContext::createBuffer):
  • webaudio/AudioContext.h:
Location:
trunk/Source/WebCore
Files:
6 edited

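--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,25 @@
+2011-07-12  Chris Rogers  <crogers@google.com>
+
+        webkitAudioContext does not do proper sanity checking on its arguments.
+        https://bugs.webkit.org/show_bug.cgi?id=64076
+
+        Reviewed by Kenneth Russell.
+
+        No new tests since audio API is not yet implemented.
+
+        * bindings/js/JSAudioContextCustom.cpp:
+        (WebCore::JSAudioContextConstructor::constructJSAudioContext):
+        (WebCore::JSAudioContext::createBuffer):
+        * bindings/v8/custom/V8AudioContextCustom.cpp:
+        (WebCore::V8AudioContext::constructorCallback):
+        (WebCore::V8AudioContext::createBufferCallback):
+        * platform/audio/HRTFDatabaseLoader.h:
+        (WebCore::HRTFDatabaseLoader::databaseSampleRate):
+        * webaudio/AudioContext.cpp:
+        (WebCore::AudioContext::create):
+        (WebCore::AudioContext::createOfflineContext):
+        (WebCore::AudioContext::createBuffer):
+        * webaudio/AudioContext.h:
+
 2011-07-12  Pratik Solanki  <psolanki@apple.com>
 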
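--- a/trunk/Source/WebCore/bindings/js/JSAudioContextCustom.cpp
+++ b/trunk/Source/WebCore/bindings/js/JSAudioContextCustom.cpp
@@ -75,9 +75,23 @@
             return throwVMError(exec, createSyntaxError(exec, "Not enough arguments"));
 
-        unsigned numberOfChannels = exec->argument(0).toInt32(exec);
-        unsigned numberOfFrames = exec->argument(1).toInt32(exec);
+        int32_t numberOfChannels = exec->argument(0).toInt32(exec);
+        int32_t numberOfFrames = exec->argument(1).toInt32(exec);
         float sampleRate = exec->argument(2).toFloat(exec);
+       
+        if (numberOfChannels <= 0 || numberOfChannels > 10)
+            return throwVMError(exec, createSyntaxError(exec, "Invalid number of channels"));
 
-        audioContext = AudioContext::createOfflineContext(document, numberOfChannels, numberOfFrames, sampleRate);
+        if (numberOfFrames <= 0)
+            return throwVMError(exec, createSyntaxError(exec, "Invalid number of frames"));
+
+        if (sampleRate <= 0)
+            return throwVMError(exec, createSyntaxError(exec, "Invalid sample rate"));
+
+        ExceptionCode ec = 0;
+        audioContext = AudioContext::createOfflineContext(document, numberOfChannels, numberOfFrames, sampleRate, ec);
+        if (ec) {
+            setDOMException(exec, ec);
+            return jsUndefined();
+        }
     }
 
@@ -118,7 +132,16 @@
         return throwError(exec, createSyntaxError(exec, "Not enough arguments"));
    
-    unsigned numberOfChannels = exec->argument(0).toInt32(exec);
-    unsigned numberOfFrames = exec->argument(1).toInt32(exec);
+    int32_t numberOfChannels = exec->argument(0).toInt32(exec);
+    int32_t numberOfFrames = exec->argument(1).toInt32(exec);
     float sampleRate = exec->argument(2).toFloat(exec);
+
+    if (numberOfChannels <= 0 || numberOfChannels > 10)
+        return throwVMError(exec, createSyntaxError(exec, "Invalid number of channels"));
+
+    if (numberOfFrames <= 0)
+        return throwVMError(exec, createSyntaxError(exec, "Invalid number of frames"));
+
+    if (sampleRate <= 0)
+        return throwVMError(exec, createSyntaxError(exec, "Invalid sample rate"));
 
     RefPtr<AudioBuffer> audioBuffer = audioContext->createBuffer(numberOfChannels, numberOfFrames, sampleRate);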
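Review bot: The three checks added in the second hunk (new lines 139, 142 and 145) return through `throwVMError`, while the existing "Not enough arguments" path in the same function (new line 132) returns through `throwError`. As far as I know `throwVMError` yields the encoded value that host-function entry points return and `throwError` yields a plain JSValue, so one function should not mix them. The function's signature is outside the hunk, but going by the surviving context line the added checks presumably want `return throwError(exec, createSyntaxError(exec, "Invalid number of channels"));`, and likewise for the frames and sample-rate messages. In the first hunk `throwVMError` matches the surrounding code.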
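--- a/trunk/Source/WebCore/bindings/v8/custom/V8AudioContextCustom.cpp
+++ b/trunk/Source/WebCore/bindings/v8/custom/V8AudioContextCustom.cpp
@@ -44,4 +44,7 @@
     INC_STATS("DOM.AudioContext.Contructor");
 
+    if (!args.IsConstructCall())
+        return throwError("AudioContext constructor cannot be called as a function.");
+
     Frame* frame = V8Proxy::retrieveFrameForCurrentContext();
     if (!frame)
@@ -65,15 +68,20 @@
         bool ok = false;
 
-        unsigned numberOfChannels = toInt32(args[0], ok);
-        if (!ok)
+        int32_t numberOfChannels = toInt32(args[0], ok);
+        if (!ok || numberOfChannels <= 0 || numberOfChannels > 10)
             return throwError("Invalid number of channels", V8Proxy::SyntaxError);
 
-        unsigned numberOfFrames = toInt32(args[1], ok);
-        if (!ok)
+        int32_t numberOfFrames = toInt32(args[1], ok);
+        if (!ok || numberOfFrames <= 0)
             return throwError("Invalid number of frames", V8Proxy::SyntaxError);
 
         float sampleRate = toFloat(args[2]);
+        if (sampleRate <= 0)
+            return throwError("Invalid sample rate", V8Proxy::SyntaxError);
 
-        audioContext = AudioContext::createOfflineContext(document, numberOfChannels, numberOfFrames, sampleRate);
+        ExceptionCode ec = 0;
+        audioContext = AudioContext::createOfflineContext(document, numberOfChannels, numberOfFrames, sampleRate, ec);
+        if (ec)
+            return throwError(ec);
     }
 
@@ -123,10 +131,10 @@
     bool ok = false;
    
-    unsigned numberOfChannels = toInt32(args[0], ok);
-    if (!ok)
+    int32_t numberOfChannels = toInt32(args[0], ok);
+    if (!ok || numberOfChannels <= 0 || numberOfChannels > 10)
         return throwError("Invalid number of channels", V8Proxy::SyntaxError);
    
-    unsigned numberOfFrames = toInt32(args[1], ok);
-    if (!ok)
+    int32_t numberOfFrames = toInt32(args[1], ok);
+    if (!ok || numberOfFrames <= 0)
         return throwError("Invalid number of frames", V8Proxy::SyntaxError);
   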
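Review bot: `if (sampleRate <= 0)` at new line 79 does not reject NaN, because every ordered comparison with NaN is false. A third argument that converts to NaN therefore passes the binding check and is only stopped later by the range test in AudioContext::createOfflineContext. Writing the guard as `if (!(sampleRate > 0))` rejects it at the boundary and reports "Invalid sample rate" alongside the other argument errors. The same comparison appears in JSAudioContextCustom.cpp at new lines 87 and 144. The sample-rate handling of createBufferCallback lies past the end of the third hunk and could not be checked here.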
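--- a/trunk/Source/WebCore/platform/audio/HRTFDatabaseLoader.h
+++ b/trunk/Source/WebCore/platform/audio/HRTFDatabaseLoader.h
@@ -61,4 +61,6 @@
    
     HRTFDatabase* database() { return m_hrtfDatabase.get(); }
+
+    double databaseSampleRate() const { return m_databaseSampleRate; }
    
     // Called in asynchronous loading thread.
@@ -78,6 +80,4 @@
     void loadAsynchronously();
 
-    double databaseSampleRate() const { return m_databaseSampleRate; }
-
     static HRTFDatabaseLoader* s_loader; // singleton
     OwnPtr<HRTFDatabase> m_hrtfDatabase;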
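--- a/trunk/Source/WebCore/webaudio/AudioContext.cpp
+++ b/trunk/Source/WebCore/webaudio/AudioContext.cpp
@@ -73,12 +73,32 @@
 
 namespace WebCore {
+   
+namespace {
+   
+bool isSampleRateRangeGood(double sampleRate)
+{
+    return sampleRate >= 22050 && sampleRate <= 96000;
+}
+
+}
 
 PassRefPtr<AudioContext> AudioContext::create(Document* document)
 {
+    ASSERT(document);
     return adoptRef(new AudioContext(document));
 }
 
-PassRefPtr<AudioContext> AudioContext::createOfflineContext(Document* document, unsigned numberOfChannels, size_t numberOfFrames, double sampleRate)
-{
+PassRefPtr<AudioContext> AudioContext::createOfflineContext(Document* document, unsigned numberOfChannels, size_t numberOfFrames, double sampleRate, ExceptionCode& ec)
+{
+    ASSERT(document);
+
+    // FIXME: offline contexts have limitations on supported sample-rates.
+    // Currently all AudioContexts must have the same sample-rate.
+    HRTFDatabaseLoader* loader = HRTFDatabaseLoader::loader();
+    if (numberOfChannels > 10 || !isSampleRateRangeGood(sampleRate) || (loader && loader->databaseSampleRate() != sampleRate)) {
+        ec = SYNTAX_ERR;
+        return 0;
+    }
+
     return adoptRef(new AudioContext(document, numberOfChannels, numberOfFrames, sampleRate));
 }
@@ -237,4 +257,7 @@
 PassRefPtr<AudioBuffer> AudioContext::createBuffer(unsigned numberOfChannels, size_t numberOfFrames, double sampleRate)
 {
+    if (!isSampleRateRangeGood(sampleRate) || numberOfChannels > 10 || !numberOfFrames)
+        return 0;
+   
     return AudioBuffer::create(numberOfChannels, numberOfFrames, sampleRate);
 }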
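Review bot: numberOfFrames has no upper bound anywhere in this change: createOfflineContext (new lines 91-104) does not test it at all, createBuffer (new line 259) only rejects zero, and the bindings accept any positive int32. Page script therefore picks the size passed to the AudioContext constructor and to AudioBuffer::create, up to 2^31-1 frames on each of up to 10 channels; whether those callees guard the allocation size, or its overflow where size_t is 32 bits, is not visible here. A cap beside the channel limit would close this, e.g. `if (!isSampleRateRangeGood(sampleRate) || numberOfChannels > 10 || !numberOfFrames || numberOfFrames > maxNumberOfFrames)` in createBuffer and the same two frame tests in the condition at new line 98, where `maxNumberOfFrames` is a new named constant whose value the audio owners would choose. That also makes createOfflineContext reject zero frames itself instead of relying on the bindings.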
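--- a/trunk/Source/WebCore/webaudio/AudioContext.h
+++ b/trunk/Source/WebCore/webaudio/AudioContext.h
@@ -72,5 +72,5 @@
 
     // Create an AudioContext for offline (non-realtime) rendering.
-    static PassRefPtr<AudioContext> createOfflineContext(Document*, unsigned numberOfChannels, size_t numberOfFrames, double sampleRate);
+    static PassRefPtr<AudioContext> createOfflineContext(Document*, unsigned numberOfChannels, size_t numberOfFrames, double sampleRate, ExceptionCode&);
 
     virtual ~AudioContext();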
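Review bot: The comment above createOfflineContext does not say that the call can now fail. Per the implementation in AudioContext.cpp it returns 0 and sets the ExceptionCode to SYNTAX_ERR when the channel count or sample-rate is rejected, so every caller has to test the code before using the result. I would extend the comment with `// Returns 0 and sets the ExceptionCode to SYNTAX_ERR if numberOfChannels or sampleRate is not supported.`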