Log Message
CRASH(nullptr) in WebCore::jsAudioContextCurrentTime() https://bugs.webkit.org/show_bug.cgi?id=198859 <rdar://problem/27986991>
Reviewed by Eric Carlson. AudioContext's m_destinationNode can become null during iframe teardown, but AudioContext methods can still be called by JavaScript. Add null-checks to all (remaining) unprotected dereferences of m_destinationNode. * Modules/webaudio/AudioContext.cpp: (WebCore::AudioContext::uninitialize): (WebCore::AudioContext::createBufferSource): (WebCore::AudioContext::createScriptProcessor): (WebCore::AudioContext::createBiquadFilter): (WebCore::AudioContext::createPanner): (WebCore::AudioContext::createConvolver): (WebCore::AudioContext::createDynamicsCompressor): (WebCore::AudioContext::createAnalyser): (WebCore::AudioContext::createGain): (WebCore::AudioContext::createDelay): (WebCore::AudioContext::createChannelSplitter): (WebCore::AudioContext::createChannelMerger): (WebCore::AudioContext::createOscillator): * Modules/webaudio/AudioContext.h: (WebCore::AudioContext::currentSampleFrame const): (WebCore::AudioContext::currentTime const): (WebCore::AudioContext::sampleRate const):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (246436 => 246437)
--- trunk/Source/WebCore/ChangeLog 2019-06-14 17:14:47 UTC (rev 246436)
+++ trunk/Source/WebCore/ChangeLog 2019-06-14 17:42:13 UTC (rev 246437)
@@ -1,3 +1,34 @@
+2019-06-14 Jer Noble <jer.no...@apple.com>
+
+ CRASH(nullptr) in WebCore::jsAudioContextCurrentTime()
+ https://bugs.webkit.org/show_bug.cgi?id=198859
+ <rdar://problem/27986991>
+
+ Reviewed by Eric Carlson.
+
+ AudioContext's m_destinationNode can become null during iframe teardown,
+ but can AudioContext methods can still be called by _javascript_. Add null-checks
+ to all (remaing) unprotected dereferences of m_destinationNode.
+
+ * Modules/webaudio/AudioContext.cpp:
+ (WebCore::AudioContext::uninitialize):
+ (WebCore::AudioContext::createBufferSource):
+ (WebCore::AudioContext::createScriptProcessor):
+ (WebCore::AudioContext::createBiquadFilter):
+ (WebCore::AudioContext::createPanner):
+ (WebCore::AudioContext::createConvolver):
+ (WebCore::AudioContext::createDynamicsCompressor):
+ (WebCore::AudioContext::createAnalyser):
+ (WebCore::AudioContext::createGain):
+ (WebCore::AudioContext::createDelay):
+ (WebCore::AudioContext::createChannelSplitter):
+ (WebCore::AudioContext::createChannelMerger):
+ (WebCore::AudioContext::createOscillator):
+ * Modules/webaudio/AudioContext.h:
+ (WebCore::AudioContext::currentSampleFrame const):
+ (WebCore::AudioContext::currentTime const):
+ (WebCore::AudioContext::sampleRate const):
+
2019-06-14 Youenn Fablet <you...@apple.com>
Cloning a MediaStreamTrack does not clone the logger
Modified: trunk/Source/WebCore/Modules/webaudio/AudioContext.cpp (246436 => 246437)
--- trunk/Source/WebCore/Modules/webaudio/AudioContext.cpp 2019-06-14 17:14:47 UTC (rev 246436)
+++ trunk/Source/WebCore/Modules/webaudio/AudioContext.cpp 2019-06-14 17:42:13 UTC (rev 246437)
@@ -267,7 +267,8 @@
return;
// This stops the audio thread and all audio rendering.
- m_destinationNode->uninitialize();
+ if (m_destinationNode)
+ m_destinationNode->uninitialize();
// Don't allow the context to initialize a second time after it's already been explicitly uninitialized.
m_isAudioThreadFinished = true;
@@ -441,7 +442,7 @@
return Exception { InvalidStateError };
lazyInitialize();
- Ref<AudioBufferSourceNode> node = AudioBufferSourceNode::create(*this, m_destinationNode->sampleRate());
+ Ref<AudioBufferSourceNode> node = AudioBufferSourceNode::create(*this, sampleRate());
// Because this is an AudioScheduledSourceNode, the context keeps a reference until it has finished playing.
// When this happens, AudioScheduledSourceNode::finish() calls AudioContext::notifyNodeFinishedProcessing().
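Review bot: When m_destinationNode is null, `sampleRate()` now returns 0.f, so `AudioBufferSourceNode::create(*this, sampleRate())` no longer crashes but builds a node with a zero sample rate. The node constructors are not visible here, but any that divide by the rate or size buffers from it would then work with inf/NaN or zero-length values on a path script can still reach after teardown. Rejecting the call is safer, for example `if (!m_destinationNode) return Exception { InvalidStateError };` next to the existing InvalidStateError return. The same applies to the later create* hunks in this file (createScriptProcessor through createOscillator). The enclosing function starts and ends outside the hunk.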
@@ -577,7 +578,7 @@
if (numberOfOutputChannels > maxNumberOfChannels())
return Exception { NotSupportedError };
- auto node = ScriptProcessorNode::create(*this, m_destinationNode->sampleRate(), bufferSize, numberOfInputChannels, numberOfOutputChannels);
+ auto node = ScriptProcessorNode::create(*this, sampleRate(), bufferSize, numberOfInputChannels, numberOfOutputChannels);
refNode(node); // context keeps reference until we stop making _javascript_ rendering callbacks
return node;
@@ -593,7 +594,7 @@
lazyInitialize();
- return BiquadFilterNode::create(*this, m_destinationNode->sampleRate());
+ return BiquadFilterNode::create(*this, sampleRate());
}
ExceptionOr<Ref<WaveShaperNode>> AudioContext::createWaveShaper()
@@ -617,7 +618,7 @@
return Exception { InvalidStateError };
lazyInitialize();
- return PannerNode::create(*this, m_destinationNode->sampleRate());
+ return PannerNode::create(*this, sampleRate());
}
ExceptionOr<Ref<ConvolverNode>> AudioContext::createConvolver()
@@ -629,7 +630,7 @@
return Exception { InvalidStateError };
lazyInitialize();
- return ConvolverNode::create(*this, m_destinationNode->sampleRate());
+ return ConvolverNode::create(*this, sampleRate());
}
ExceptionOr<Ref<DynamicsCompressorNode>> AudioContext::createDynamicsCompressor()
@@ -641,7 +642,7 @@
return Exception { InvalidStateError };
lazyInitialize();
- return DynamicsCompressorNode::create(*this, m_destinationNode->sampleRate());
+ return DynamicsCompressorNode::create(*this, sampleRate());
}
ExceptionOr<Ref<AnalyserNode>> AudioContext::createAnalyser()
@@ -653,7 +654,7 @@
return Exception { InvalidStateError };
lazyInitialize();
- return AnalyserNode::create(*this, m_destinationNode->sampleRate());
+ return AnalyserNode::create(*this, sampleRate());
}
ExceptionOr<Ref<GainNode>> AudioContext::createGain()
@@ -665,7 +666,7 @@
return Exception { InvalidStateError };
lazyInitialize();
- return GainNode::create(*this, m_destinationNode->sampleRate());
+ return GainNode::create(*this, sampleRate());
}
ExceptionOr<Ref<DelayNode>> AudioContext::createDelay(double maxDelayTime)
@@ -677,7 +678,7 @@
return Exception { InvalidStateError };
lazyInitialize();
- return DelayNode::create(*this, m_destinationNode->sampleRate(), maxDelayTime);
+ return DelayNode::create(*this, sampleRate(), maxDelayTime);
}
ExceptionOr<Ref<ChannelSplitterNode>> AudioContext::createChannelSplitter(size_t numberOfOutputs)
@@ -689,7 +690,7 @@
return Exception { InvalidStateError };
lazyInitialize();
- auto node = ChannelSplitterNode::create(*this, m_destinationNode->sampleRate(), numberOfOutputs);
+ auto node = ChannelSplitterNode::create(*this, sampleRate(), numberOfOutputs);
if (!node)
return Exception { IndexSizeError };
return node.releaseNonNull();
@@ -704,7 +705,7 @@
return Exception { InvalidStateError };
lazyInitialize();
- auto node = ChannelMergerNode::create(*this, m_destinationNode->sampleRate(), numberOfInputs);
+ auto node = ChannelMergerNode::create(*this, sampleRate(), numberOfInputs);
if (!node)
return Exception { IndexSizeError };
return node.releaseNonNull();
@@ -720,7 +721,7 @@
lazyInitialize();
- Ref<OscillatorNode> node = OscillatorNode::create(*this, m_destinationNode->sampleRate());
+ Ref<OscillatorNode> node = OscillatorNode::create(*this, sampleRate());
// Because this is an AudioScheduledSourceNode, the context keeps a reference until it has finished playing.
// When this happens, AudioScheduledSourceNode::finish() calls AudioContext::notifyNodeFinishedProcessing().
Modified: trunk/Source/WebCore/Modules/webaudio/AudioContext.h (246436 => 246437)
--- trunk/Source/WebCore/Modules/webaudio/AudioContext.h 2019-06-14 17:14:47 UTC (rev 246436)
+++ trunk/Source/WebCore/Modules/webaudio/AudioContext.h 2019-06-14 17:42:13 UTC (rev 246437)
@@ -108,9 +108,9 @@
Document* hostingDocument() const final;
AudioDestinationNode* destination() { return m_destinationNode.get(); }
- size_t currentSampleFrame() const { return m_destinationNode->currentSampleFrame(); }
- double currentTime() const { return m_destinationNode->currentTime(); }
- float sampleRate() const { return m_destinationNode->sampleRate(); }
+ size_t currentSampleFrame() const { return m_destinationNode ? m_destinationNode->currentSampleFrame() : 0; }
+ double currentTime() const { return m_destinationNode ? m_destinationNode->currentTime() : 0.; }
+ float sampleRate() const { return m_destinationNode ? m_destinationNode->sampleRate() : 0.f; }
unsigned long activeSourceCount() const { return static_cast<unsigned long>(m_activeSourceCount); }
void incrementActiveSourceCount();
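Review bot: The zero fallbacks in `currentSampleFrame()`, `currentTime()` and `sampleRate()` are undocumented sentinels: a caller cannot tell a torn-down context from a live one at time 0, and a `sampleRate()` of 0 reaches any caller that divides by it. A comment above the three accessors would make the contract explicit, e.g. `// m_destinationNode can be null after iframe teardown; these accessors then return 0 instead of dereferencing it.` `destination()` on the line above still hands out a possibly-null pointer, so its callers need the same check. If these accessors are also reached from the audio thread (not visible here), the null test and the dereference are two separate reads of m_destinationNode, and the node would have to be kept alive across them.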