[webkit-changes] [271751] trunk

Fri, 22 Jan 2021 10:43:12 -0800

Title: [271751] trunk
Revision
271751
Author
[email protected]
Date
2021-01-22 10:42:32 -0800 (Fri, 22 Jan 2021)

Log Message

Crash under FFTFrame::fftSetupForSize()
https://bugs.webkit.org/show_bug.cgi?id=220866
<rdar://73199504>

Reviewed by Eric Carlson.

Source/WebCore:

The crash was caused by FFTFrame::fftSetupForSize() but being called concurrently
from "HRTF database loader" threads. This patch makes FFTFrame::fftSetupForSize()
thread safe to address the issue.

Test: webaudio/Panner/PannerNode-crash.html

* platform/audio/mac/FFTFrameMac.cpp:
(WebCore::fftSetups):
(WebCore::FFTFrame::fftSetupForSize):

LayoutTests:

Add layout test coverage.

* webaudio/Panner/PannerNode-crash-expected.txt: Added.
* webaudio/Panner/PannerNode-crash.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (271750 => 271751)


--- trunk/LayoutTests/ChangeLog	2021-01-22 18:33:38 UTC (rev 271750)
+++ trunk/LayoutTests/ChangeLog	2021-01-22 18:42:32 UTC (rev 271751)
@@ -1,3 +1,16 @@
+2021-01-22  Chris Dumez  <[email protected]>
+
+        Crash under FFTFrame::fftSetupForSize()
+        https://bugs.webkit.org/show_bug.cgi?id=220866
+        <rdar://73199504>
+
+        Reviewed by Eric Carlson.
+
+        Add layout test coverage.
+
+        * webaudio/Panner/PannerNode-crash-expected.txt: Added.
+        * webaudio/Panner/PannerNode-crash.html: Added.
+
 2021-01-22  Youenn Fablet  <[email protected]>
 
         Add more descriptive messages to setLocalDescription/setRemoteDescription error cases

Added: trunk/LayoutTests/webaudio/Panner/PannerNode-crash-expected.txt (0 => 271751)


--- trunk/LayoutTests/webaudio/Panner/PannerNode-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/webaudio/Panner/PannerNode-crash-expected.txt	2021-01-22 18:42:32 UTC (rev 271751)
@@ -0,0 +1,9 @@
+This test passes if it does not crash.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/webaudio/Panner/PannerNode-crash.html (0 => 271751)


--- trunk/LayoutTests/webaudio/Panner/PannerNode-crash.html	                        (rev 0)
+++ trunk/LayoutTests/webaudio/Panner/PannerNode-crash.html	2021-01-22 18:42:32 UTC (rev 271751)
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script src=""
+<script>
+description("This test passes if it does not crash.");
+jsTestIsAsync = true;
+
+const random = (min, max) => {
+    let num = Math.random() * (max - min) + min;
+
+    return Math.round(num);
+};
+
+_onload_ = () => {
+    for (let i = 0; i < 50; i++) {
+        let sampleRate = random(3000, 384000);
+        new PannerNode(new OfflineAudioContext({length: 128, sampleRate: sampleRate}));
+        new OfflineAudioContext({length: 128, sampleRate: sampleRate}).createPanner().disconnect();
+    }
+    
+    setTimeout(finishJSTest, 100);
+};
+</script>
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (271750 => 271751)


--- trunk/Source/WebCore/ChangeLog	2021-01-22 18:33:38 UTC (rev 271750)
+++ trunk/Source/WebCore/ChangeLog	2021-01-22 18:42:32 UTC (rev 271751)
@@ -1,3 +1,21 @@
+2021-01-22  Chris Dumez  <[email protected]>
+
+        Crash under FFTFrame::fftSetupForSize()
+        https://bugs.webkit.org/show_bug.cgi?id=220866
+        <rdar://73199504>
+
+        Reviewed by Eric Carlson.
+
+        The crash was caused by FFTFrame::fftSetupForSize() but being called concurrently
+        from "HRTF database loader" threads. This patch makes FFTFrame::fftSetupForSize()
+        thread safe to address the issue.
+
+        Test: webaudio/Panner/PannerNode-crash.html
+
+        * platform/audio/mac/FFTFrameMac.cpp:
+        (WebCore::fftSetups):
+        (WebCore::FFTFrame::fftSetupForSize):
+
 2021-01-22  Youenn Fablet  <[email protected]>
 
         Add more descriptive messages to setLocalDescription/setRemoteDescription error cases

Modified: trunk/Source/WebCore/platform/audio/mac/FFTFrameMac.cpp (271750 => 271751)


--- trunk/Source/WebCore/platform/audio/mac/FFTFrameMac.cpp	2021-01-22 18:33:38 UTC (rev 271750)
+++ trunk/Source/WebCore/platform/audio/mac/FFTFrameMac.cpp	2021-01-22 18:42:32 UTC (rev 271751)
@@ -37,6 +37,7 @@
 #include "FFTFrame.h"
 
 #include "VectorMath.h"
+#include <wtf/Lock.h>
 #include <wtf/NeverDestroyed.h>
 #include <wtf/Vector.h>
 
@@ -121,16 +122,30 @@
     VectorMath::multiplyByScalar(data, 1.0f / m_FFTSize, data, m_FFTSize);
 }
 
+static Vector<FFTSetup>& fftSetups()
+{
+    static LazyNeverDestroyed<Vector<FFTSetup>> fftSetups;
+    static std::once_flag onceKey;
+    std::call_once(onceKey, [&] {
+        fftSetups.construct(kMaxFFTPow2Size, nullptr);
+    });
+    return fftSetups;
+}
+
 FFTSetup FFTFrame::fftSetupForSize(unsigned fftSize)
 {
-    static NeverDestroyed<Vector<FFTSetup>> fftSetups(kMaxFFTPow2Size, nullptr);
+    static Lock fftSetupsLock;
 
     auto pow2size = static_cast<size_t>(log2(fftSize));
     ASSERT(pow2size < kMaxFFTPow2Size);
-    auto& fftSetup = fftSetups->at(pow2size);
-    if (!fftSetup)
-        fftSetup = vDSP_create_fftsetup(pow2size, FFT_RADIX2);
 
+    auto& fftSetup = fftSetups().at(pow2size);
+    if (!fftSetup) {
+        auto locker = holdLock(fftSetupsLock);
+        if (!fftSetup)
+            fftSetup = vDSP_create_fftsetup(pow2size, FFT_RADIX2);
+    }
+
     return fftSetup;
 }
 

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to