From e83e4c7460972898dc06a5f5ab36eed7c6b101b5 Mon Sep 17 00:00:00 2001 From: Jer Noble Date: Tue, 11 Jun 2024 11:54:06 -0700 Subject: [PATCH] Cherry-pick 272448.1080@safari-7618.3.10-branch (64c9479d6f29). https://bugs.webkit.org/show_bug.cgi?id=275273 Add check in AudioBufferSourceNode::renderFromBuffer() when detune is set to large negative value https://bugs.webkit.org/show_bug.cgi?id=275273 rdar://125617842 Reviewed by Eric Carlson. * LayoutTests/webaudio/audiobuffersourcenode-detune-crash-expected.txt: Added. * LayoutTests/webaudio/audiobuffersourcenode-detune-crash.html: Added. * Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp: (WebCore::AudioBufferSourceNode::renderFromBuffer): Canonical link: https://commits.webkit.org/274313.345@webkitglib/2.44 --- ...buffersourcenode-detune-crash-expected.txt | 10 +++++++ .../audiobuffersourcenode-detune-crash.html | 30 +++++++++++++++++++ .../webaudio/AudioBufferSourceNode.cpp | 7 +++++ 3 files changed, 47 insertions(+) create mode 100644 LayoutTests/webaudio/audiobuffersourcenode-detune-crash-expected.txt create mode 100644 LayoutTests/webaudio/audiobuffersourcenode-detune-crash.html diff --git a/LayoutTests/webaudio/audiobuffersourcenode-detune-crash-expected.txt b/LayoutTests/webaudio/audiobuffersourcenode-detune-crash-expected.txt new file mode 100644 index 000000000000..914ba0b133c4 --- /dev/null +++ b/LayoutTests/webaudio/audiobuffersourcenode-detune-crash-expected.txt @@ -0,0 +1,10 @@ +Attempting to create a AudioBufferSourceNode with a large negative detune value should not crash. + +On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". + + +PASS Test passed because it did not crash. +PASS successfullyParsed is true + +TEST COMPLETE + diff --git a/LayoutTests/webaudio/audiobuffersourcenode-detune-crash.html b/LayoutTests/webaudio/audiobuffersourcenode-detune-crash.html new file mode 100644 index 000000000000..e8af579db9d2 --- /dev/null +++ b/LayoutTests/webaudio/audiobuffersourcenode-detune-crash.html @@ -0,0 +1,30 @@ + + + + + + + + + + + + diff --git a/Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp b/Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp index f86bffb9b507..298bd48cdff5 100644 --- a/Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp +++ b/Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp @@ -328,9 +328,16 @@ bool AudioBufferSourceNode::renderFromBuffer(AudioBus* bus, unsigned destination virtualReadIndex = readIndex; } else if (!pitchRate) { unsigned readIndex = static_cast(virtualReadIndex); + int deltaFrames = static_cast(virtualDeltaFrames); + maxFrame = static_cast(virtualMaxFrame); + + if (readIndex >= maxFrame) + readIndex -= deltaFrames; for (unsigned i = 0; i < numberOfChannels; ++i) std::fill_n(destinationChannels[i] + writeIndex, framesToProcess, sourceChannels[i][readIndex]); + + virtualReadIndex = readIndex; } else if (reverse) { unsigned maxFrame = static_cast(virtualMaxFrame); unsigned minFrame = static_cast(floorf(virtualMinFrame)); -- 2.45.2