Commit d315a91

Regression(r275668) Potential null pointer deref in AudioParam::exponentialRampToValueAtTime(float, double)
https://bugs.webkit.org/show_bug.cgi?id=224400
<rdar://76450376>

Reviewed by Ryosuke Niwa.

Source/WebCore:

In r275668, I added null-checks for the AudioContext in AudioParam, now that it holds a WeakPtr to its context. However, I missed a null-check in AudioParam::exponentialRampToValueAtTime(). This patch adds the missing check.

Test: webaudio/AudioParam/audioparam-exponentialRampToValueAtTime-nocontext-crash.html

* Modules/webaudio/AudioParam.cpp:

LayoutTests:

Add layout test coverage.

* webaudio/AudioParam/audioparam-exponentialRampToValueAtTime-nocontext-crash-expected.txt: Added.
* webaudio/AudioParam/audioparam-exponentialRampToValueAtTime-nocontext-crash.html: Added.

Canonical link: https://commits.webkit.org/236375@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@275804 268f45cc-cd09-0410-ab3c-d52691b4dbfc
1 parent 63a588e commit d315a91

5 files changed

Lines changed: 56 additions & 0 deletions

LayoutTests/ChangeLog

Lines changed: 13 additions & 0 deletions
@@ -1,3 +1,16 @@
1+
2021-04-10 Chris Dumez <cdumez@apple.com>
2+
3+
Regression(r275668) Potential null pointer deref in AudioParam::exponentialRampToValueAtTime(float, double)
4+
https://bugs.webkit.org/show_bug.cgi?id=224400
5+
<rdar://76450376>
6+
7+
Reviewed by Ryosuke Niwa.
8+
9+
Add layout test coverage.
10+
11+
* webaudio/AudioParam/audioparam-exponentialRampToValueAtTime-nocontext-crash-expected.txt: Added.
12+
* webaudio/AudioParam/audioparam-exponentialRampToValueAtTime-nocontext-crash.html: Added.
13+
114
2021-04-10 Chris Dumez <cdumez@apple.com>
215

316
[ macOS ] imported/w3c/web-platform-tests/webaudio/the-audio-api/the-analysernode-interface/realtimeanalyser-fft-scaling.html is a flakey text failure
Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
Make sure we don't crash when calling linearRampToValueAtTime() on an AudioParam that lost its AudioContext.
2+
3+
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
4+
5+
6+
PASS Did not crash
7+
PASS successfullyParsed is true
8+
9+
TEST COMPLETE
10+
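
Review bot: Line 1 of this expected output names linearRampToValueAtTime(), but the test added in this commit covers exponentialRampToValueAtTime(), as its file name and the ChangeLog entry say. The text mirrors the test's description() string, so correct it there and regenerate this baseline so it describes the method actually under test.
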
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
<DOCTYPE html>
2+
<html>
3+
<body>
4+
<script src="../../resources/js-test.js"></script>
5+
<script>
6+
description("Make sure we don't crash when calling linearRampToValueAtTime() on an AudioParam that lost its AudioContext.");
7+
8+
let audioParam = new OfflineAudioContext(1, 1, 3000).listener.forwardX;
9+
gc();
10+
audioParam.exponentialRampToValueAtTime(1, 0);
11+
testPassed("Did not crash");
12+
</script>
13+
</body>
14+
</html>
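
Review bot: The description() string on line 6 says linearRampToValueAtTime(), while line 10 calls audioParam.exponentialRampToValueAtTime(1, 0); the description should name the exponential variant. Separately, the test only reaches the no-context path if the gc() call on line 9 actually collects the OfflineAudioContext; if it does not, the test prints "Did not crash" without exercising the new check, so a short comment stating that assumption would help future readers. As rendered here, line 1 also reads <DOCTYPE html> without the leading "!".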

Source/WebCore/ChangeLog

Lines changed: 16 additions & 0 deletions
@@ -1,3 +1,19 @@
1+
2021-04-10 Chris Dumez <cdumez@apple.com>
2+
3+
Regression(r275668) Potential null pointer deref in AudioParam::exponentialRampToValueAtTime(float, double)
4+
https://bugs.webkit.org/show_bug.cgi?id=224400
5+
<rdar://76450376>
6+
7+
Reviewed by Ryosuke Niwa.
8+
9+
In r275668, I added null-checks for the AudioContext in AudioParam, now that it holds a WeakPtr to its
10+
context. However, I missed a null-check in AudioParam::exponentialRampToValueAtTime(). This patch adds
11+
the missing check.
12+
13+
Test: webaudio/AudioParam/audioparam-exponentialRampToValueAtTime-nocontext-crash.html
14+
15+
* Modules/webaudio/AudioParam.cpp:
16+
117
2021-04-10 Chris Dumez <cdumez@apple.com>
218

319
[ macOS ] 3 webaudio/OfflineAudioContext/ layout-tests are flakey text failures

Source/WebCore/Modules/webaudio/AudioParam.cpp

Lines changed: 3 additions & 0 deletions
@@ -182,6 +182,9 @@ ExceptionOr<AudioParam&> AudioParam::linearRampToValueAtTime(float value, double
182182

183183
ExceptionOr<AudioParam&> AudioParam::exponentialRampToValueAtTime(float value, double endTime)
184184
{
185+
if (!context())
186+
return *this;
187+
185188
if (!value)
186189
return Exception { RangeError, "value cannot be 0"_s };
187190
if (endTime < 0)
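
Review bot: The early return added at new lines 185-186 sits before the argument validation, so once the context is gone a call with value 0 returns *this instead of the "value cannot be 0" RangeError, and the endTime < 0 check is skipped as well. If that ordering is intentional, to match the null-checks added in r275668, a one-line comment saying so would help; otherwise consider moving if (!context()) below the validation so that script-visible exceptions do not depend on whether the context has been collected.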
