Title: [272254] branches/safari-611-branch
Revision: 272254
Author: [email protected]
Date: 2021-02-02 17:39:38 -0800 (Tue, 02 Feb 2021)
Log Message
Cherry-pick r271751. rdar://problem/73890346
Crash under FFTFrame::fftSetupForSize()
https://bugs.webkit.org/show_bug.cgi?id=220866
<rdar://73199504>
Reviewed by Eric Carlson.
Source/WebCore:
The crash was caused by FFTFrame::fftSetupForSize() being called concurrently
from "HRTF database loader" threads. This patch makes FFTFrame::fftSetupForSize()
thread safe to address the issue.
Test: webaudio/Panner/PannerNode-crash.html
* platform/audio/mac/FFTFrameMac.cpp:
(WebCore::fftSetups):
(WebCore::FFTFrame::fftSetupForSize):
LayoutTests:
Add layout test coverage.
* webaudio/Panner/PannerNode-crash-expected.txt: Added.
* webaudio/Panner/PannerNode-crash.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@271751 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Diff
Modified: branches/safari-611-branch/LayoutTests/ChangeLog (272253 => 272254)
--- branches/safari-611-branch/LayoutTests/ChangeLog 2021-02-03 01:39:35 UTC (rev 272253)
+++ branches/safari-611-branch/LayoutTests/ChangeLog 2021-02-03 01:39:38 UTC (rev 272254)
@@ -1,5 +1,50 @@
2021-02-02 Alan Coon <[email protected]>
+ Cherry-pick r271751. rdar://problem/73890346
+
+ Crash under FFTFrame::fftSetupForSize()
+ https://bugs.webkit.org/show_bug.cgi?id=220866
+ <rdar://73199504>
+
+ Reviewed by Eric Carlson.
+
+ Source/WebCore:
+
+ The crash was caused by FFTFrame::fftSetupForSize() but being called concurrently
+ from "HRTF database loader" threads. This patch makes FFTFrame::fftSetupForSize()
+ thread safe to address the issue.
+
+ Test: webaudio/Panner/PannerNode-crash.html
+
+ * platform/audio/mac/FFTFrameMac.cpp:
+ (WebCore::fftSetups):
+ (WebCore::FFTFrame::fftSetupForSize):
+
+ LayoutTests:
+
+ Add layout test coverage.
+
+ * webaudio/Panner/PannerNode-crash-expected.txt: Added.
+ * webaudio/Panner/PannerNode-crash.html: Added.
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@271751 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-01-22 Chris Dumez <[email protected]>
+
+ Crash under FFTFrame::fftSetupForSize()
+ https://bugs.webkit.org/show_bug.cgi?id=220866
+ <rdar://73199504>
+
+ Reviewed by Eric Carlson.
+
+ Add layout test coverage.
+
+ * webaudio/Panner/PannerNode-crash-expected.txt: Added.
+ * webaudio/Panner/PannerNode-crash.html: Added.
+
+2021-02-02 Alan Coon <[email protected]>
+
Cherry-pick r271644. rdar://problem/73890311
[css-multicol] OOM with 1px height columns
Added: branches/safari-611-branch/LayoutTests/webaudio/Panner/PannerNode-crash-expected.txt (0 => 272254)
--- branches/safari-611-branch/LayoutTests/webaudio/Panner/PannerNode-crash-expected.txt (rev 0)
+++ branches/safari-611-branch/LayoutTests/webaudio/Panner/PannerNode-crash-expected.txt 2021-02-03 01:39:38 UTC (rev 272254)
@@ -0,0 +1,9 @@
+This test passes if it does not crash.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: branches/safari-611-branch/LayoutTests/webaudio/Panner/PannerNode-crash.html (0 => 272254)
--- branches/safari-611-branch/LayoutTests/webaudio/Panner/PannerNode-crash.html (rev 0)
+++ branches/safari-611-branch/LayoutTests/webaudio/Panner/PannerNode-crash.html 2021-02-03 01:39:38 UTC (rev 272254)
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script src=""
+<script>
+description("This test passes if it does not crash.");
+jsTestIsAsync = true;
+
+const random = (min, max) => {
+ let num = Math.random() * (max - min) + min;
+
+ return Math.round(num);
+};
+
+_onload_ = () => {
+ for (let i = 0; i < 50; i++) {
+ let sampleRate = random(3000, 384000);
+ new PannerNode(new OfflineAudioContext({length: 128, sampleRate: sampleRate}));
+ new OfflineAudioContext({length: 128, sampleRate: sampleRate}).createPanner().disconnect();
+ }
+
+ setTimeout(finishJSTest, 100);
+};
+</script>
+</body>
+</html>
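Review bot: the sample rates in the loop come from Math.random() (`let sampleRate = random(3000, 384000);`), so each run creates a different set of contexts and a crash seen on one run cannot be replayed from the test file alone. Iterating over a fixed list of sample rates would keep the coverage and make failures reproducible. The test also finishes on `setTimeout(finishJSTest, 100)`, a fixed delay that is not tied to any loader activity, so a run in which the "HRTF database loader" threads named in the log message have not yet raced within 100 ms passes without exercising the bug.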
Modified: branches/safari-611-branch/Source/WebCore/ChangeLog (272253 => 272254)
--- branches/safari-611-branch/Source/WebCore/ChangeLog 2021-02-03 01:39:35 UTC (rev 272253)
+++ branches/safari-611-branch/Source/WebCore/ChangeLog 2021-02-03 01:39:38 UTC (rev 272254)
@@ -1,5 +1,55 @@
2021-02-02 Alan Coon <[email protected]>
+ Cherry-pick r271751. rdar://problem/73890346
+
+ Crash under FFTFrame::fftSetupForSize()
+ https://bugs.webkit.org/show_bug.cgi?id=220866
+ <rdar://73199504>
+
+ Reviewed by Eric Carlson.
+
+ Source/WebCore:
+
+ The crash was caused by FFTFrame::fftSetupForSize() but being called concurrently
+ from "HRTF database loader" threads. This patch makes FFTFrame::fftSetupForSize()
+ thread safe to address the issue.
+
+ Test: webaudio/Panner/PannerNode-crash.html
+
+ * platform/audio/mac/FFTFrameMac.cpp:
+ (WebCore::fftSetups):
+ (WebCore::FFTFrame::fftSetupForSize):
+
+ LayoutTests:
+
+ Add layout test coverage.
+
+ * webaudio/Panner/PannerNode-crash-expected.txt: Added.
+ * webaudio/Panner/PannerNode-crash.html: Added.
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@271751 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-01-22 Chris Dumez <[email protected]>
+
+ Crash under FFTFrame::fftSetupForSize()
+ https://bugs.webkit.org/show_bug.cgi?id=220866
+ <rdar://73199504>
+
+ Reviewed by Eric Carlson.
+
+ The crash was caused by FFTFrame::fftSetupForSize() but being called concurrently
+ from "HRTF database loader" threads. This patch makes FFTFrame::fftSetupForSize()
+ thread safe to address the issue.
+
+ Test: webaudio/Panner/PannerNode-crash.html
+
+ * platform/audio/mac/FFTFrameMac.cpp:
+ (WebCore::fftSetups):
+ (WebCore::FFTFrame::fftSetupForSize):
+
+2021-02-02 Alan Coon <[email protected]>
+
Cherry-pick r271704. rdar://problem/73890824
[Payment Request] increment the current version
Modified: branches/safari-611-branch/Source/WebCore/platform/audio/mac/FFTFrameMac.cpp (272253 => 272254)
--- branches/safari-611-branch/Source/WebCore/platform/audio/mac/FFTFrameMac.cpp 2021-02-03 01:39:35 UTC (rev 272253)
+++ branches/safari-611-branch/Source/WebCore/platform/audio/mac/FFTFrameMac.cpp 2021-02-03 01:39:38 UTC (rev 272254)
@@ -37,6 +37,7 @@
#include "FFTFrame.h"
#include "VectorMath.h"
+#include <wtf/Lock.h>
#include <wtf/NeverDestroyed.h>
#include <wtf/Vector.h>
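Review bot: the only include added here is `<wtf/Lock.h>`, but the next hunk also introduces `std::once_flag` and `std::call_once`, which are declared in `<mutex>`. Unless this file already includes `<mutex>` outside the visible context, add it explicitly rather than relying on a transitive include.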
@@ -121,16 +122,30 @@
VectorMath::multiplyByScalar(data, 1.0f / m_FFTSize, data, m_FFTSize);
}
+static Vector<FFTSetup>& fftSetups()
+{
+ static LazyNeverDestroyed<Vector<FFTSetup>> fftSetups;
+ static std::once_flag onceKey;
+ std::call_once(onceKey, [&] {
+ fftSetups.construct(kMaxFFTPow2Size, nullptr);
+ });
+ return fftSetups;
+}
+
FFTSetup FFTFrame::fftSetupForSize(unsigned fftSize)
{
- static NeverDestroyed<Vector<FFTSetup>> fftSetups(kMaxFFTPow2Size, nullptr);
+ static Lock fftSetupsLock;
auto pow2size = static_cast<size_t>(log2(fftSize));
ASSERT(pow2size < kMaxFFTPow2Size);
- auto& fftSetup = fftSetups->at(pow2size);
- if (!fftSetup)
- fftSetup = vDSP_create_fftsetup(pow2size, FFT_RADIX2);
+ auto& fftSetup = fftSetups().at(pow2size);
+ if (!fftSetup) {
+ auto locker = holdLock(fftSetupsLock);
+ if (!fftSetup)
+ fftSetup = vDSP_create_fftsetup(pow2size, FFT_RADIX2);
+ }
+
return fftSetup;
}
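Review bot: the outer `if (!fftSetup)` in fftSetupForSize() reads the vector slot without holding fftSetupsLock, while another thread may be storing to that same slot inside the locked block, so the double-checked pattern still leaves an unsynchronized read of a plain pointer. A thread that takes the fast path can observe a non-null FFTSetup with no acquire ordering against the write made by `fftSetup = vDSP_create_fftsetup(pow2size, FFT_RADIX2);`. Either take `holdLock(fftSetupsLock)` before the first check (the lock is uncontended after initialization) or make the slots atomic with release on store and acquire on load. Separately, the bounds guard on `pow2size` is an `ASSERT`, which is a debug-only check; since `fftSize` ultimately derives from page-controlled parameters in the new layout test, a comment stating where the upper bound is enforced for release builds would help.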