Title: [145663] branches/safari-536.30-branch/Source/WebCore
- Revision
- 145663
- Author
- [email protected]
- Date
- 2013-03-12 18:37:09 -0700 (Tue, 12 Mar 2013)
Log Message
Merged r141851. <rdar://problem/13334974>
Modified Paths
Diff
Modified: branches/safari-536.30-branch/Source/WebCore/ChangeLog (145662 => 145663)
--- branches/safari-536.30-branch/Source/WebCore/ChangeLog 2013-03-13 01:35:20 UTC (rev 145662)
+++ branches/safari-536.30-branch/Source/WebCore/ChangeLog 2013-03-13 01:37:09 UTC (rev 145663)
@@ -1,5 +1,27 @@
2013-03-12 Lucas Forschler <[email protected]>
+ Merge r141851
+
+ 2013-02-04 Wei James <[email protected]>
+
+ Heap-buffer-overflow in WebCore::AudioBufferSourceNode::process
+ https://bugs.webkit.org/show_bug.cgi?id=108515
+
+ After calling setBuffer() with a buffer having a different number of
+ channels, there can in rare cases be a slight delay before the output
+ bus is updated to the new number of channels because of use of
+ tryLocks() in the context's updating system.
+ In this case, if the the buffer has just been changed and we're
+ not quite ready yet then just output silence.
+
+ Reviewed by Chris Rogers.
+
+ * Modules/webaudio/AudioBufferSourceNode.cpp:
+ (WebCore::AudioBufferSourceNode::process):
+ (WebCore::AudioBufferSourceNode::renderFromBuffer):
+
+2013-03-12 Lucas Forschler <[email protected]>
+
Merge r140879
2013-01-25 Raymond Toy <[email protected]>
Modified: branches/safari-536.30-branch/Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp (145662 => 145663)
--- branches/safari-536.30-branch/Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp 2013-03-13 01:35:20 UTC (rev 145662)
+++ branches/safari-536.30-branch/Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp 2013-03-13 01:37:09 UTC (rev 145663)
@@ -101,6 +101,14 @@
return;
}
+ // After calling setBuffer() with a buffer having a different number of channels, there can in rare cases be a slight delay
+ // before the output bus is updated to the new number of channels because of use of tryLocks() in the context's updating system.
+ // In this case, if the the buffer has just been changed and we're not quite ready yet, then just output silence.
+ if (numberOfChannels() != buffer()->numberOfChannels()) {
+ outputBus->zero();
+ return;
+ }
+
size_t quantumFrameOffset;
size_t bufferFramesToProcess;
@@ -152,7 +160,7 @@
void AudioBufferSourceNode::renderFromBuffer(AudioBus* bus, unsigned destinationFrameOffset, size_t numberOfFrames)
{
ASSERT(context()->isAudioThread());
-
+
// Basic sanity checking
ASSERT(bus);
ASSERT(buffer());
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
