[webkit-changes] [WebKit/WebKit] 9c36ab: Quad Audio files processed using AudioDecoders and...

Fri, 06 Mar 2026 13:55:38 -0800 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 9c36ab4353246d9f8155ff1b7ac05e688be5a5aa
      
https://github.com/WebKit/WebKit/commit/9c36ab4353246d9f8155ff1b7ac05e688be5a5aa
  Author: Jean-Yves Avenard <[email protected]>
  Date:   2026-03-06 (Fri, 06 Mar 2026)

  Changed paths:
    A LayoutTests/http/tests/webcodecs/audio-decoder-aac-expected.txt
    A LayoutTests/http/tests/webcodecs/audio-decoder-aac.html
    A LayoutTests/http/tests/webcodecs/resources/audio-aac.mp4
    M Source/WebCore/platform/audio/cocoa/AudioDecoderCocoa.cpp
    M Source/WebCore/platform/audio/cocoa/AudioSampleBufferConverter.mm
    M Source/WebCore/platform/audio/cocoa/AudioUtilitiesCocoa.cpp
    M Source/WebCore/platform/audio/cocoa/AudioUtilitiesCocoa.h

  Log Message:
  -----------
  Quad Audio files processed using AudioDecoders and WebAudio crashes Safari.
https://bugs.webkit.org/show_bug.cgi?id=308322
rdar://170845543

Reviewed by Eric Carlson.

Per web codecs' AAC codec registration spec:
https://www.w3.org/TR/webcodecs-aac-codec-registration/#audiodecoderconfig-description
"If description is present, it is assumed to a AudioSpecificConfig as defined in
[iso14496-3] section 1.6.2.1, Table 1.15, and the bitstream is assumed to be in 
aac.""
CoreMedia's AudioToolbox expects the magicCookie provided to be the full
ISO/IEC 14496-1 ES_Descriptor instead.
AudioFormatGetProperty however will return no error when given incorrect data
but will return instead a zeroed AudioStreamBasicDescription.
This later caused the creation of the CMFormatDescription to fail and we
created a CMSampleBuffer with a nil format description.
When the AudioSampleBufferConverter attempted to decode such samples,
we hit a null deref as it read the nil CMFormatDescription.

We are fixing two issues here:
- Crash could occur if invalid AudioDecoderConfig was provided through various
  null checks.
- Correctly recreate an ES_Descriptor from the AudioSpecificConfig so that
  we can properly decode such content.

Tests added.
* LayoutTests/http/tests/webcodecs/audio-decoder-aac-expected.txt: Added.
* LayoutTests/http/tests/webcodecs/audio-decoder-aac.html: Added.
* LayoutTests/http/tests/webcodecs/resources/audio-aac.mp4: Added.
* Source/WebCore/platform/audio/cocoa/AudioDecoderCocoa.cpp:
(WebCore::InternalAudioDecoderCocoa::initialize):
* Source/WebCore/platform/audio/cocoa/AudioSampleBufferConverter.mm:
(WebCore::AudioSampleBufferConverter::initAudioConverterForSourceFormatDescription):
(WebCore::AudioSampleBufferConverter::processSampleBuffers):
* Source/WebCore/platform/audio/cocoa/AudioUtilitiesCocoa.cpp:
(WebCore::createESDescriptor):
* Source/WebCore/platform/audio/cocoa/AudioUtilitiesCocoa.h:

Canonical link: https://commits.webkit.org/308820@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to