[webkit-changes] [199067] branches/safari-601.1.46-branch/Source/WebCore

[matthew_hanson]

Title: [199067] branches/safari-601.1.46-branch/Source/WebCore

Revision

199067

Author

matthew_han...@apple.com

Date

2016-04-05 12:38:49 -0700 (Tue, 05 Apr 2016)

Log Message

Merge r199042. rdar://problem/25533763

Modified Paths

branches/safari-601.1.46-branch/Source/WebCore/ChangeLog
branches/safari-601.1.46-branch/Source/WebCore/platform/audio/ios/AudioDestinationIOS.cpp
branches/safari-601.1.46-branch/Source/WebCore/platform/audio/ios/AudioDestinationIOS.h

Diff

Modified: branches/safari-601.1.46-branch/Source/WebCore/ChangeLog (199066 => 199067)

--- branches/safari-601.1.46-branch/Source/WebCore/ChangeLog	2016-04-05 19:38:45 UTC (rev 199066)
+++ branches/safari-601.1.46-branch/Source/WebCore/ChangeLog	2016-04-05 19:38:49 UTC (rev 199067)
@@ -1,5 +1,30 @@
 2016-04-05  Matthew Hanson  <matthew_han...@apple.com>
 
+        Merge r199042. rdar://problem/25533763
+
+    2016-04-04  Jer Noble  <jer.no...@apple.com>
+
+            [iOS] Crash when playing <video> after playing Web Audio
+            https://bugs.webkit.org/show_bug.cgi?id=156185
+            <rdar://problem/10177005>
+
+            Reviewed by Eric Carlson.
+
+            Off-by-one error in AudioDestinationIOS::render. The ivars m_firstSpareFrame and m_lastSpareFrame imply that
+            the sample range is inclusive, i.e. [m_firstSpareFrame .. m_lastSpareFrame], but the length of the range was
+            being calculated as if m_lastSpareFrame was exclusive; when the two were equal, the length was calculated as
+            0, rather than 1. This was caught by an ASSERT (and would have been caught by a downstream ASSERT had that one
+            not been present).
+
+            Fix the off-by-one by treating them as inclusive/exclusive--similar to C++ iterators--and renaming them to reflect
+            this: [m_startSpareFrame .. m_endSpareFrame). This corrects the "length" math which caused the crash.
+
+            * platform/audio/ios/AudioDestinationIOS.cpp:
+            (WebCore::AudioDestinationIOS::render):
+            * platform/audio/ios/AudioDestinationIOS.h:
+
+2016-04-05  Matthew Hanson  <matthew_han...@apple.com>
+
         Merge r198035. rdar://problem/25467558
 
     2016-03-10  Jer Noble  <jer.no...@apple.com>

Modified: branches/safari-601.1.46-branch/Source/WebCore/platform/audio/ios/AudioDestinationIOS.cpp (199066 => 199067)

--- branches/safari-601.1.46-branch/Source/WebCore/platform/audio/ios/AudioDestinationIOS.cpp	2016-04-05 19:38:45 UTC (rev 199066)
+++ branches/safari-601.1.46-branch/Source/WebCore/platform/audio/ios/AudioDestinationIOS.cpp	2016-04-05 19:38:49 UTC (rev 199067)
@@ -217,15 +217,15 @@
     UInt32 framesRemaining = numberOfFrames;
     UInt32 frameOffset = 0;
     while (framesRemaining > 0) {
-        if (m_firstSpareFrame && m_lastSpareFrame) {
-            ASSERT(m_firstSpareFrame < m_lastSpareFrame);
-            UInt32 framesThisTime = m_lastSpareFrame - m_firstSpareFrame;
+        if (m_startSpareFrame && m_endSpareFrame) {
+            ASSERT(m_startSpareFrame < m_endSpareFrame);
+            UInt32 framesThisTime = m_endSpareFrame - m_startSpareFrame;
             assignAudioBuffersToBus(buffers, *m_renderBus, numberOfBuffers, numberOfFrames, frameOffset, framesThisTime);
-            m_renderBus->copyFromRange(*m_spareBus, m_firstSpareFrame, m_lastSpareFrame);
+            m_renderBus->copyFromRange(*m_spareBus, m_startSpareFrame, m_endSpareFrame);
             frameOffset += framesThisTime;
             framesRemaining -= framesThisTime;
-            m_firstSpareFrame = 0;
-            m_lastSpareFrame = 0;
+            m_startSpareFrame = 0;
+            m_endSpareFrame = 0;
         }
 
         UInt32 framesThisTime = std::min<UInt32>(kRenderBufferSize, framesRemaining);
@@ -234,8 +234,8 @@
         if (framesThisTime < kRenderBufferSize) {
             m_callback.render(0, m_spareBus.get(), kRenderBufferSize);
             m_renderBus->copyFromRange(*m_spareBus, 0, framesThisTime);
-            m_firstSpareFrame = framesThisTime;
-            m_lastSpareFrame = kRenderBufferSize - 1;
+            m_startSpareFrame = framesThisTime;
+            m_endSpareFrame = kRenderBufferSize;
         } else
             m_callback.render(0, m_renderBus.get(), framesThisTime);
         frameOffset += framesThisTime;

Modified: branches/safari-601.1.46-branch/Source/WebCore/platform/audio/ios/AudioDestinationIOS.h (199066 => 199067)

--- branches/safari-601.1.46-branch/Source/WebCore/platform/audio/ios/AudioDestinationIOS.h	2016-04-05 19:38:45 UTC (rev 199066)
+++ branches/safari-601.1.46-branch/Source/WebCore/platform/audio/ios/AudioDestinationIOS.h	2016-04-05 19:38:49 UTC (rev 199067)
@@ -66,8 +66,8 @@
     AudioIOCallback& m_callback;
     RefPtr<AudioBus> m_renderBus;
     RefPtr<AudioBus> m_spareBus;
-    unsigned m_firstSpareFrame { 0 };
-    unsigned m_lastSpareFrame { 0 };
+    unsigned m_startSpareFrame { 0 };
+    unsigned m_endSpareFrame { 0 };
 
     double m_sampleRate;
     bool m_isPlaying;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes