Title: [181174] trunk
Revision
181174
Author
jer.no...@apple.com
Date
2015-03-06 11:31:16 -0800 (Fri, 06 Mar 2015)

Log Message

[Web Audio] Decoding specific .m4a file crashes tab
https://bugs.webkit.org/show_bug.cgi?id=139545

Reviewed by Eric Carlson.

Source/WebCore:

Test: webaudio/decode-audio-data-too-short.html

Bail out early if CoreAudio reports the number of frames in the file to be negative.

* platform/audio/mac/AudioFileReaderMac.cpp:
(WebCore::AudioFileReader::createBus):

LayoutTests:

* webaudio/decode-audio-data-too-short-expected.txt: Added.
* webaudio/decode-audio-data-too-short.html: Added.
* webaudio/resources/media/too-short.m4a: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (181173 => 181174)


--- trunk/LayoutTests/ChangeLog	2015-03-06 19:28:26 UTC (rev 181173)
+++ trunk/LayoutTests/ChangeLog	2015-03-06 19:31:16 UTC (rev 181174)
@@ -1,3 +1,14 @@
+2015-03-06  Jer Noble  <jer.no...@apple.com>
+
+        [Web Audio] Decoding specific .m4a file crashes tab
+        https://bugs.webkit.org/show_bug.cgi?id=139545
+
+        Reviewed by Eric Carlson.
+
+        * webaudio/decode-audio-data-too-short-expected.txt: Added.
+        * webaudio/decode-audio-data-too-short.html: Added.
+        * webaudio/resources/media/too-short.m4a: Added.
+
 2015-03-06  Myles C. Maxfield  <mmaxfi...@apple.com>
 
         Crash in -[WebCascadeList objectAtIndex:] + 195

Added: trunk/LayoutTests/webaudio/decode-audio-data-too-short-expected.txt (0 => 181174)


--- trunk/LayoutTests/webaudio/decode-audio-data-too-short-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/webaudio/decode-audio-data-too-short-expected.txt	2015-03-06 19:31:16 UTC (rev 181174)
@@ -0,0 +1,9 @@
+Test that decoding an audio file which is too short does not cause a crash.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/webaudio/decode-audio-data-too-short.html (0 => 181174)


--- trunk/LayoutTests/webaudio/decode-audio-data-too-short.html	                        (rev 0)
+++ trunk/LayoutTests/webaudio/decode-audio-data-too-short.html	2015-03-06 19:31:16 UTC (rev 181174)
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+<script type="text/_javascript_" src=""
+</head>
+<body>
+<script>
+description("Test that decoding an audio file which is too short does not cause a crash.");
+
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+window.jsTestIsAsync = true;
+
+var context = new webkitAudioContext();
+var request = new XMLHttpRequest();
+request.open("GET", 'resources/media/too-short.m4a', true);
+request.responseType = "arraybuffer";
+    
+request._onload_ = function() {
+    context.decodeAudioData(request.response, finishJSTest, finishJSTest);
+}
+request.send();
+
+</script>
+<script src=""
+</body>
+</html>
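Review bot: Both the success and the error callback passed to `decodeAudioData` are `finishJSTest`, so the test passes identically whether the truncated file is decoded or rejected; it only shows that the tab survives. If rejection is the intended outcome of the createBus change, the error callback could record it, e.g. `function() { testPassed("decodeAudioData rejected the truncated file"); finishJSTest(); }`, with the success callback calling `testFailed(...)`; the expected-output file would need the matching line. The request also has no error handler, so a missing `too-short.m4a` would end in a timeout rather than a clear failure.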

Added: trunk/LayoutTests/webaudio/resources/media/too-short.m4a (0 => 181174)


--- trunk/LayoutTests/webaudio/resources/media/too-short.m4a	                        (rev 0)
+++ trunk/LayoutTests/webaudio/resources/media/too-short.m4a	2015-03-06 19:31:16 UTC (rev 181174)
@@ -0,0 +1,3 @@
+ftypmp42mp41isommdat'lUI\xC2\xC2A0P$+"A\x88PE1\x92\xC08\x90\x84!B@=\xFF5\xE6\xF3y\xBC6\xDF\xE5|\x9D\xBF\xAA\xC3\xFC\xD7\xFC\xAF\x8Dd\xF8͟\xFE/\xFC_\x8A\xC5\xFF+\xFEW\xF1\xC6 \xBF\xF1UdW\xF3_\xADu\xFE\xA0\xB4\xBF\xE5h\xA5\x8DP\xFE\xFA\xF8\xF8\xF8\xFE\xE4\xEF\xEFO\x8F\x8C\xCE\xFB\xFB\x90	\xD02||7\x9F\xDF܀\xFF\xDF\xDF\xDC\xF8\xF8m\xDF}\xF1\xF0l\xFE\xFE\xF0\x9F\xE1\xB0\xC3c\xDF\xDF\xDC?\xF0\xD8\xEF\xEF\xA0||6>\xFE\xE4\x8F\x83O\xBE\x80\xFF\xC7\xC1\x87\xB8>\xE4>>3\x80\xFE?\xC7\xF8\x9F\xC7
+_\xC3\xC4K\xF8\xC3\xF2'SS	\xC1C\x91$ \xF8\x8A(\xA0\xC7w;\xBE\xC3G\xF5nI\xF2\xDF\xEB?\x93\xFB\x8E\x86$\xD4E\xF2\x9D\xAA:\xE8J~C\x80\x8Cmoovlmvhd\xACD\xFF@\xD4trak\tkhd\xFF@pmdia mdhd\xACD\xFFU\xC4,hdlrsounSoundHandlerminfsmhd$dinfdrefurl \xE0stbldstsdTmp4a\xACD0esds\x80\x80\x80\x80\x80\x80@ww\x80\x80\x80sttsstscstsz\xDF3stco stssDudta4meta hdlrmdirilstXtra
\ No newline at end of file

Modified: trunk/Source/WebCore/ChangeLog (181173 => 181174)


--- trunk/Source/WebCore/ChangeLog	2015-03-06 19:28:26 UTC (rev 181173)
+++ trunk/Source/WebCore/ChangeLog	2015-03-06 19:31:16 UTC (rev 181174)
@@ -1,3 +1,17 @@
+2015-03-06  Jer Noble  <jer.no...@apple.com>
+
+        [Web Audio] Decoding specific .m4a file crashes tab
+        https://bugs.webkit.org/show_bug.cgi?id=139545
+
+        Reviewed by Eric Carlson.
+
+        Test: webaudio/decode-audio-data-too-short.html
+
+        Bail out early if CoreAudio reports the number of frames in the file to be negative.
+
+        * platform/audio/mac/AudioFileReaderMac.cpp:
+        (WebCore::AudioFileReader::createBus):
+
 2015-03-06  Jeremy Jones  <jere...@apple.com>
 
         Scroll to make the video element visible when exiting fullscreen.

Modified: trunk/Source/WebCore/platform/audio/mac/AudioFileReaderMac.cpp (181173 => 181174)


--- trunk/Source/WebCore/platform/audio/mac/AudioFileReaderMac.cpp	2015-03-06 19:28:26 UTC (rev 181173)
+++ trunk/Source/WebCore/platform/audio/mac/AudioFileReaderMac.cpp	2015-03-06 19:31:16 UTC (rev 181174)
@@ -147,7 +147,7 @@
     SInt64 numberOfFrames64 = 0;
     size = sizeof(numberOfFrames64);
     result = ExtAudioFileGetProperty(m_extAudioFileRef, kExtAudioFileProperty_FileLengthFrames, &size, &numberOfFrames64);
-    if (result != noErr)
+    if (result != noErr || numberOfFrames64 <= 0)
         return 0;
 
     // Sample-rate
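Review bot: The new guard on `numberOfFrames64` bounds only the low end, so a frame count taken from the file's own metadata can still be arbitrarily large when it reaches the code after `// Sample-rate`. createBus continues outside the hunk, so whether the value is later narrowed from `SInt64` or used to size a buffer is not visible here; if it is, an upper bound belongs next to this check. The log message says "negative" while the condition is `<= 0`, so a comment above the `if` such as `// Frame count comes from file metadata; reject zero or negative lengths before sizing anything from it.` would record the intent.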