Title: [199121] branches/safari-601.1.46-branch/Source/WebCore

Diff

Modified: branches/safari-601.1.46-branch/Source/WebCore/ChangeLog (199120 => 199121)


--- branches/safari-601.1.46-branch/Source/WebCore/ChangeLog	2016-04-06 22:25:37 UTC (rev 199120)
+++ branches/safari-601.1.46-branch/Source/WebCore/ChangeLog	2016-04-06 22:44:06 UTC (rev 199121)
@@ -1,3 +1,26 @@
+2016-04-06  Matthew Hanson  <matthew_han...@apple.com>
+
+        Merge r199116. rdar://problem/25468815
+
+    2016-04-06  Jer Noble  <jer.no...@apple.com>
+
+            CRASH in AudioDestinationNode::render()
+            https://bugs.webkit.org/show_bug.cgi?id=156308
+            <rdar://problem/25468815>
+
+            Reviewed by Eric Carlson.
+
+
+            AudioDestinationNode::render() will crash when passed in a zero-length frame count. Rather than get into
+            this bad state, ASSERT() and bail out early in this case.
+
+            Also, address the situation in AudioDestinationIOS::render which can cause this 0-frame count to occur.
+
+            * Modules/webaudio/AudioDestinationNode.cpp:
+            (WebCore::AudioDestinationNode::render):
+            * platform/audio/ios/AudioDestinationIOS.cpp:
+            (WebCore::AudioDestinationIOS::render):
+
 2016-04-05  Matthew Hanson  <matthew_han...@apple.com>
 
         Merge r199042. rdar://problem/25533763
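Review bot: The merged r199116 entry says AudioDestinationIOS::render "can cause this 0-frame count to occur" but never states the condition that produces it, and it lists no test for the crash. Please add a sentence naming that condition, plus a note on test coverage or on why a test is not practical, so the entry stands on its own for anyone auditing this branch later.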

Modified: branches/safari-601.1.46-branch/Source/WebCore/Modules/webaudio/AudioDestinationNode.cpp (199120 => 199121)


--- branches/safari-601.1.46-branch/Source/WebCore/Modules/webaudio/AudioDestinationNode.cpp	2016-04-06 22:25:37 UTC (rev 199120)
+++ branches/safari-601.1.46-branch/Source/WebCore/Modules/webaudio/AudioDestinationNode.cpp	2016-04-06 22:44:06 UTC (rev 199121)
@@ -68,6 +68,13 @@
         return;
     }
 
+    ASSERT(numberOfFrames);
+    if (!numberOfFrames) {
+        destinationBus->zero();
+        setIsSilent(true);
+        return;
+    }
+
     // Let the context take care of any business at the start of each render quantum.
     context()->handlePreRenderTasks();
 
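Review bot: Placing `ASSERT(numberOfFrames);` directly above `if (!numberOfFrames) {` means debug builds stop on exactly the input the new branch is written to survive, so the zero-and-silence recovery path only ever runs in release builds and cannot be exercised by a debug-build test. Either log instead of asserting, or add a comment stating that the assertion is deliberate and the branch is a release-only safety net. Also note that the early `return` sits before `context()->handlePreRenderTasks();`, so a zero-frame callback skips the per-quantum pre-render work. A short comment confirming that this is intended would help.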

Modified: branches/safari-601.1.46-branch/Source/WebCore/platform/audio/ios/AudioDestinationIOS.cpp (199120 => 199121)


--- branches/safari-601.1.46-branch/Source/WebCore/platform/audio/ios/AudioDestinationIOS.cpp	2016-04-06 22:25:37 UTC (rev 199120)
+++ branches/safari-601.1.46-branch/Source/WebCore/platform/audio/ios/AudioDestinationIOS.cpp	2016-04-06 22:44:06 UTC (rev 199121)
@@ -231,6 +231,8 @@
         UInt32 framesThisTime = std::min<UInt32>(kRenderBufferSize, framesRemaining);
         assignAudioBuffersToBus(buffers, *m_renderBus, numberOfBuffers, numberOfFrames, frameOffset, framesThisTime);
 
+        if (!framesThisTime)
+            break;
         if (framesThisTime < kRenderBufferSize) {
             m_callback.render(0, m_spareBus.get(), kRenderBufferSize);
             m_renderBus->copyFromRange(*m_spareBus, 0, framesThisTime);
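Review bot: The `if (!framesThisTime) break;` check comes after `assignAudioBuffersToBus(...)` has already been called with `framesThisTime` equal to zero, so the render bus is still pointed at a zero-length range before the loop exits. Moving the check to immediately after the `std::min<UInt32>(kRenderBufferSize, framesRemaining)` line would avoid that call and make the guard easier to see. Since `framesThisTime` can only be zero here when `framesRemaining` is zero, a one-line comment explaining how the loop is entered in that state would document the actual cause. As a style point, a blank line between `break;` and the following `if (framesThisTime < kRenderBufferSize)` would keep the two conditions visually separate.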