Commit 896ad97
Crash under JSC::Heap::acquireAccessSlow() / JSC::Heap::releaseAccess() when starting an AudioWorklet
https://bugs.webkit.org/show_bug.cgi?id=219183
<rdar://problem/71188544>
Reviewed by Mark Lam.
Source/WebCore:
When audio rendering has already started when the AudioWorklet is constructed, it is possible for
AudioWorkletGlobalScope::handlePreRenderTasks() to get called initially on the initial audio
rendering thread instead of the audio worklet thread. Once the AudioWorklet is ready, the next
rendering quantums will actually get processed on the audio worklet thread. However, there is a
race when audio rendering has already started when the AudioWorklet gets created. This is not
normally an issue. However, AudioWorkletGlobalScope::handlePreRenderTasks() grabs a JavaScript
Lock and it is only safe to do so on the thread where we constructed the VM (i.e. the Audio
Worklet thread). To address the issue, we now only grab the lock if we are on the audio worklet
thread. Note that this lock is only used to delay the draining of the microtask queue until the
end of the rendering quantum.
Test: webaudio/worklet-crash.html
* Modules/webaudio/AudioWorkletGlobalScope.cpp:
(WebCore::AudioWorkletGlobalScope::handlePreRenderTasks):
LayoutTests:
Add layout test coverage.
* webaudio/worklet-crash-expected.txt: Added.
* webaudio/worklet-crash.html: Added.
Canonical link: https://commits.webkit.org/231795@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@270056 268f45cc-cd09-0410-ab3c-d52691b4dbfc
1 parent 8a664b1 commit 896ad97
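The thread-affinity guard described in the commit message, as an added stand-alone model (not WebKit code and not part of this commit): `ModelVM`, `ModelScope`, `renderQuantum` and `runModel` are hypothetical names, and a plain `std::mutex` plus an owner-thread check stands in for the JavaScript lock, so the crash itself is not reproduced.

```cpp
#include <mutex>
#include <thread>

// Hypothetical stand-in for a VM whose lock may only be taken on the
// thread that constructed it (the audio worklet thread in the commit).
class ModelVM {
public:
    ModelVM() : m_owner(std::this_thread::get_id()) {}
    bool isOwnerThread() const { return std::this_thread::get_id() == m_owner; }
    std::mutex& lock() { return m_lock; }
private:
    std::thread::id m_owner;
    std::mutex m_lock;
};

// Hypothetical stand-in for the worklet global scope.
class ModelScope {
public:
    explicit ModelScope(ModelVM& vm) : m_vm(vm) {}
    // Returns true if the lock was taken for this render quantum.
    bool handlePreRenderTasks() {
        if (!m_vm.isOwnerThread())
            return false; // early quantum on the initial rendering thread: skip the lock
        m_held = std::unique_lock<std::mutex>(m_vm.lock());
        return true;
    }
    void handlePostRenderTasks() {
        if (m_held.owns_lock())
            m_held.unlock(); // end of quantum: deferred work may now run
    }
private:
    ModelVM& m_vm;
    std::unique_lock<std::mutex> m_held;
};

// Simulates one render quantum on the calling thread.
bool renderQuantum(ModelScope& scope) {
    bool locked = scope.handlePreRenderTasks();
    scope.handlePostRenderTasks();
    return locked;
}

struct Result { bool onWorkletThread; bool onOtherThread; };

// The calling thread plays the audio worklet thread (it constructs the VM);
// a second thread plays the initial rendering thread that wins the race.
Result runModel() {
    ModelVM vm;
    ModelScope scope(vm);
    Result r{false, true};
    std::thread early([&] { r.onOtherThread = renderQuantum(scope); });
    early.join();
    r.onWorkletThread = renderQuantum(scope);
    return r;
}
```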
5 files changed
Lines changed: 61 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
1 | 14 | | |
2 | 15 | | |
3 | 16 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
1 | 25 | | |
2 | 26 | | |
3 | 27 | | |
| |||
Lines changed: 4 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
164 | 164 | | |
165 | 165 | | |
166 | 166 | | |
167 | | - | |
| 167 | + | |
| 168 | + | |
| 169 | + | |
| 170 | + | |
168 | 171 | | |
169 | 172 | | |
170 | 173 | | |
| |||