Title: [272395] trunk
Revision
272395
Author
cdu...@apple.com
Date
2021-02-04 16:15:30 -0800 (Thu, 04 Feb 2021)

Log Message

Potential crash under BaseAudioContext's toJSNewlyCreated()
https://bugs.webkit.org/show_bug.cgi?id=221423
<rdar://73352543>

Reviewed by Darin Adler.

Source/WebCore:

BaseAudioContext has subclasses (AudioContext & OfflineAudioContext) that are exposed to JS
(and for which we call toJS()). As a result, BaseAudioContext needs a custom toJS()
implementation which returns the correct subclass wrapper (JSOfflineAudioContext or
JSAudioContext), instead of a JSBaseAudioContext.

Test: webaudio/base-audio-context-wrapper-gc.html

* Modules/webaudio/BaseAudioContext.idl:
* Sources.txt:
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/JSBaseAudioContextCustom.cpp: Added.
(WebCore::toJSNewlyCreated):
(WebCore::toJS):

LayoutTests:

Add layout test coverage.

* webaudio/base-audio-context-wrapper-gc-expected.txt: Added.
* webaudio/base-audio-context-wrapper-gc.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (272394 => 272395)


--- trunk/LayoutTests/ChangeLog	2021-02-05 00:10:30 UTC (rev 272394)
+++ trunk/LayoutTests/ChangeLog	2021-02-05 00:15:30 UTC (rev 272395)
@@ -1,5 +1,18 @@
 2021-02-04  Chris Dumez  <cdu...@apple.com>
 
+        Potential crash under BaseAudioContext's toJSNewlyCreated()
+        https://bugs.webkit.org/show_bug.cgi?id=221423
+        <rdar://73352543>
+
+        Reviewed by Darin Adler.
+
+        Add layout test coverage.
+
+        * webaudio/base-audio-context-wrapper-gc-expected.txt: Added.
+        * webaudio/base-audio-context-wrapper-gc.html: Added.
+
+2021-02-04  Chris Dumez  <cdu...@apple.com>
+
         RELEASE_ASSERT(bigInt) in VM constructor when constructing a WorkletGlobalScope
         https://bugs.webkit.org/show_bug.cgi?id=221425
         <rdar://73747997>

Added: trunk/LayoutTests/webaudio/base-audio-context-wrapper-gc-expected.txt (0 => 272395)


--- trunk/LayoutTests/webaudio/base-audio-context-wrapper-gc-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/webaudio/base-audio-context-wrapper-gc-expected.txt	2021-02-05 00:15:30 UTC (rev 272395)
@@ -0,0 +1,16 @@
+This test passes if it does not crash.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+* OfflineAudioContext
+PASS constantSourceNode1.context.sampleRate is 44100
+PASS constantSourceNode1.context.length is 128
+
+* AudioContext
+PASS constantSourceNode2.context.sampleRate is 44100
+PASS constantSourceNode2.context.baseLatency > 0 is true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/webaudio/base-audio-context-wrapper-gc.html (0 => 272395)


--- trunk/LayoutTests/webaudio/base-audio-context-wrapper-gc.html	                        (rev 0)
+++ trunk/LayoutTests/webaudio/base-audio-context-wrapper-gc.html	2021-02-05 00:15:30 UTC (rev 272395)
@@ -0,0 +1,24 @@
+<script src=""
+<script>
+  description("This test passes if it does not crash.");
+
+  debug("* OfflineAudioContext");
+  let constantSourceNode1 = new ConstantSourceNode(new OfflineAudioContext({
+    length: 128,
+    sampleRate: 44100
+  }));
+  gc();
+  shouldBe("constantSourceNode1.context.sampleRate", "44100"); // On BaseAudioContext.
+  gc();
+  shouldBe("constantSourceNode1.context.length", "128"); // On OfflineAudioContext.
+
+  debug("");
+  debug("* AudioContext");
+  let constantSourceNode2 = new ConstantSourceNode(new AudioContext({
+    sampleRate: 44100
+  }));
+  gc();
+  shouldBe("constantSourceNode2.context.sampleRate", "44100"); // On BaseAudioContext.
+  gc();
+  shouldBeTrue("constantSourceNode2.context.baseLatency > 0"); // On AudioContext.
+</script>

Modified: trunk/Source/WebCore/ChangeLog (272394 => 272395)


--- trunk/Source/WebCore/ChangeLog	2021-02-05 00:10:30 UTC (rev 272394)
+++ trunk/Source/WebCore/ChangeLog	2021-02-05 00:15:30 UTC (rev 272395)
@@ -1,3 +1,25 @@
+2021-02-04  Chris Dumez  <cdu...@apple.com>
+
+        Potential crash under BaseAudioContext's toJSNewlyCreated()
+        https://bugs.webkit.org/show_bug.cgi?id=221423
+        <rdar://73352543>
+
+        Reviewed by Darin Adler.
+
+        BaseAudioContext has subclasses (AudioContext & OfflineAudioContext) that are exposed to JS
+        (for which we call toJS() for). As a result, BaseAudioContext needs a custom toJS()
+        implementation which returns the correct subclass wrapper (JSOfflineAudioContext &
+        JSAudioContext), instead of a JSBaseAudioContext.
+
+        Test: webaudio/base-audio-context-wrapper-gc.html
+
+        * Modules/webaudio/BaseAudioContext.idl:
+        * Sources.txt:
+        * WebCore.xcodeproj/project.pbxproj:
+        * bindings/js/JSBaseAudioContextCustom.cpp: Added.
+        (WebCore::toJSNewlyCreated):
+        (WebCore::toJS):
+
 2021-02-04  Ryosuke Niwa  <rn...@webkit.org>
 
         Avoid creating JS wrapper on a removed node when the subtree is not observable

Modified: trunk/Source/WebCore/Modules/webaudio/BaseAudioContext.idl (272394 => 272395)


--- trunk/Source/WebCore/Modules/webaudio/BaseAudioContext.idl	2021-02-05 00:10:30 UTC (rev 272394)
+++ trunk/Source/WebCore/Modules/webaudio/BaseAudioContext.idl	2021-02-05 00:15:30 UTC (rev 272395)
@@ -26,6 +26,7 @@
 [
     ActiveDOMObject,
     Conditional=WEB_AUDIO,
+    CustomToJSObject,
     EnabledBySetting=WebAudio&ModernUnprefixedWebAudio,
     ExportMacro=WEBCORE_EXPORT,
     Exposed=Window

Modified: trunk/Source/WebCore/Sources.txt (272394 => 272395)


--- trunk/Source/WebCore/Sources.txt	2021-02-05 00:10:30 UTC (rev 272394)
+++ trunk/Source/WebCore/Sources.txt	2021-02-05 00:15:30 UTC (rev 272395)
@@ -507,6 +507,7 @@
 bindings/js/JSAudioTrackListCustom.cpp
 bindings/js/JSAudioWorkletProcessorCustom.cpp
 bindings/js/JSAuthenticatorResponseCustom.cpp
+bindings/js/JSBaseAudioContextCustom.cpp
 bindings/js/JSBasicCredentialCustom.cpp
 bindings/js/JSBlobCustom.cpp
 bindings/js/JSCSSRuleCustom.cpp

Modified: trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj (272394 => 272395)


--- trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj	2021-02-05 00:10:30 UTC (rev 272394)
+++ trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj	2021-02-05 00:15:30 UTC (rev 272395)
@@ -8179,6 +8179,7 @@
 		468344DC1EDDFA5F00B7795B /* DOMRectList.idl */ = {isa = PBXFileReference; lastKnownFileType = text; path = DOMRectList.idl; sourceTree = "<group>"; };
 		468344DD1EDDFA5F00B7795B /* DOMRectList.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = DOMRectList.cpp; sourceTree = "<group>"; };
 		468344DE1EDDFA5F00B7795B /* DOMRectList.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = DOMRectList.h; sourceTree = "<group>"; };
+		468B8BDE25CC849300F67822 /* JSBaseAudioContextCustom.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = JSBaseAudioContextCustom.cpp; sourceTree = "<group>"; };
 		46B63F6B1C6E8CDF002E914B /* JSEventTargetCustom.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSEventTargetCustom.h; sourceTree = "<group>"; };
 		46B650DB2296262700FD8AA4 /* PageIdentifier.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PageIdentifier.h; sourceTree = "<group>"; };
 		46B9518A207D632800A7D2DD /* AbstractDOMWindow.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AbstractDOMWindow.h; sourceTree = "<group>"; };
@@ -22703,6 +22704,7 @@
 				BE6DF710171CA2DA00DD52B8 /* JSAudioTrackListCustom.cpp */,
 				83F37A672536B21B00FF5F3B /* JSAudioWorkletProcessorCustom.cpp */,
 				576082562011BE0200116678 /* JSAuthenticatorResponseCustom.cpp */,
+				468B8BDE25CC849300F67822 /* JSBaseAudioContextCustom.cpp */,
 				5760824F20118D8D00116678 /* JSBasicCredentialCustom.cpp */,
 				8931DE5A14C44C44000DC9D2 /* JSBlobCustom.cpp */,
 				49EED14B1051971900099FAB /* JSCanvasRenderingContext2DCustom.cpp */,

Added: trunk/Source/WebCore/bindings/js/JSBaseAudioContextCustom.cpp (0 => 272395)


--- trunk/Source/WebCore/bindings/js/JSBaseAudioContextCustom.cpp	                        (rev 0)
+++ trunk/Source/WebCore/bindings/js/JSBaseAudioContextCustom.cpp	2021-02-05 00:15:30 UTC (rev 272395)
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2021 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#if ENABLE(WEB_AUDIO)
+#include "JSBaseAudioContext.h"
+
+#include "AudioContext.h"
+#include "JSAudioContext.h"
+#include "JSOfflineAudioContext.h"
+#include "OfflineAudioContext.h"
+
+namespace WebCore {
+using namespace JSC;
+
+JSValue toJSNewlyCreated(JSGlobalObject*, JSDOMGlobalObject* globalObject, Ref<BaseAudioContext>&& context)
+{
+    if (context->isOfflineContext())
+        return createWrapper<OfflineAudioContext>(globalObject, WTFMove(context));
+    return createWrapper<AudioContext>(globalObject, WTFMove(context));
+}
+
+JSValue toJS(JSGlobalObject* lexicalGlobalObject, JSDOMGlobalObject* globalObject, BaseAudioContext& context)
+{
+    return wrap(lexicalGlobalObject, globalObject, context);
+}
+
+} // namespace WebCore
+
+#endif // ENABLE(WEB_AUDIO)
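Review bot: The fallback branch of toJSNewlyCreated (the `createWrapper<AudioContext>` call after the `isOfflineContext()` check) encodes the assumption that every BaseAudioContext that is not an OfflineAudioContext is an AudioContext, and nothing in the function states or checks that. createWrapper with a differing template argument presumably performs an unchecked static downcast, so if a third BaseAudioContext subclass is ever added, this dispatch would hand out a JSAudioContext wrapper for an object that is not one — the same wrapper/object type mismatch this commit fixes, just one layer down. I would document the invariant above the return, `// Every non-offline BaseAudioContext is an AudioContext; a new subclass must be dispatched here too.`, and, if type traits for AudioContext are available, guard it with `ASSERT(is<AudioContext>(context.get()));` before the fallback return. The same check applies by implication to toJS, which only funnels into wrap() and will call back into this function for uncached objects.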