third_party/WebKit/Source/platform/audio/AudioDestination.cpp - Issue 2740103005: Fix premature access on m_fifo in AudioDestination.

Side by Side Diff: third_party/WebKit/Source/platform/audio/AudioDestination.cpp

Issue 2740103005: Fix premature access on m_fifo in AudioDestination. (Closed)

Patch Set: Initial commit Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 2010 Google Inc. All rights reserved.	2 * Copyright (C) 2010 Google Inc. All rights reserved.

3 *	3 *

4 * Redistribution and use in source and binary forms, with or without	4 * Redistribution and use in source and binary forms, with or without

5 * modification, are permitted provided that the following conditions	5 * modification, are permitted provided that the following conditions

6 * are met:	6 * are met:

7 *	7 *

8 * 1. Redistributions of source code must retain the above copyright	8 * 1. Redistributions of source code must retain the above copyright

9 * notice, this list of conditions and the following disclaimer.	9 * notice, this list of conditions and the following disclaimer.

10 * 2. Redistributions in binary form must reproduce the above copyright	10 * 2. Redistributions in binary form must reproduce the above copyright

(...skipping 27 matching lines...) Expand all Loading...
38 #include "public/platform/WebSecurityOrigin.h"	38 #include "public/platform/WebSecurityOrigin.h"

39 #include "wtf/PtrUtil.h"	39 #include "wtf/PtrUtil.h"

40	40

41 namespace blink {	41 namespace blink {

42	42

43 // FIFO Size.	43 // FIFO Size.

44 //	44 //

45 // TODO(hongchan): This was estimated based on the largest callback buffer size	45 // TODO(hongchan): This was estimated based on the largest callback buffer size

46 // that we would ever need. The current UMA stats indicates that this is, in	46 // that we would ever need. The current UMA stats indicates that this is, in

47 // fact, probably too small. There are Android devices out there with a size of	47 // fact, probably too small. There are Android devices out there with a size of

48 // 8000 or so. We might need to make this larger. See: crbug.com/670747	48 // ~80K or so. We might need to make this larger. See: crbug.com/670747

	49 #if OS(ANDROID)

	50 const size_t kFIFOSize = 16384;

	51 #else
	Raymond Toy 2017/03/10 19:34:55 Why change this now? No one has ever complained o Why change this now? No one has ever complained on Android that they weren't hearing anything. hongchan 2017/03/10 20:57:36 Okay. I am reverting this. Show quoted text On 2017/03/10 19:34:55, Raymond Toy wrote: > Why change this now? No one has ever complained on Android that they weren't > hearing anything. Okay. I am reverting this.
49 const size_t kFIFOSize = 8192;	52 const size_t kFIFOSize = 8192;

	53 #endif

50	54

51 std::unique_ptr<AudioDestination> AudioDestination::create(	55 std::unique_ptr<AudioDestination> AudioDestination::create(

52 AudioIOCallback& callback,	56 AudioIOCallback& callback,

53 unsigned numberOfOutputChannels,	57 unsigned numberOfOutputChannels,

54 const WebAudioLatencyHint& latencyHint,	58 const WebAudioLatencyHint& latencyHint,

55 PassRefPtr<SecurityOrigin> securityOrigin) {	59 PassRefPtr<SecurityOrigin> securityOrigin) {

56 return WTF::wrapUnique(new AudioDestination(callback, numberOfOutputChannels,	60 return WTF::wrapUnique(new AudioDestination(callback, numberOfOutputChannels,

57 latencyHint,	61 latencyHint,

58 std::move(securityOrigin)));	62 std::move(securityOrigin)));

59 }	63 }

60	64

61 AudioDestination::AudioDestination(AudioIOCallback& callback,	65 AudioDestination::AudioDestination(AudioIOCallback& callback,

62 unsigned numberOfOutputChannels,	66 unsigned numberOfOutputChannels,

63 const WebAudioLatencyHint& latencyHint,	67 const WebAudioLatencyHint& latencyHint,

64 PassRefPtr<SecurityOrigin> securityOrigin)	68 PassRefPtr<SecurityOrigin> securityOrigin)

65 : m_numberOfOutputChannels(numberOfOutputChannels),	69 : m_numberOfOutputChannels(numberOfOutputChannels),

66 m_isPlaying(false),	70 m_isPlaying(false),

67 m_callback(callback),	71 m_callback(callback),

68 m_outputBus(AudioBus::create(numberOfOutputChannels,	72 m_outputBus(AudioBus::create(numberOfOutputChannels,

69 AudioUtilities::kRenderQuantumFrames,	73 AudioUtilities::kRenderQuantumFrames,

70 false)),	74 false)),

71 m_renderBus(AudioBus::create(numberOfOutputChannels,	75 m_renderBus(AudioBus::create(numberOfOutputChannels,

72 AudioUtilities::kRenderQuantumFrames)),	76 AudioUtilities::kRenderQuantumFrames)),

	77 m_fifo(

	78 WTF::wrapUnique(new PushPullFIFO(numberOfOutputChannels, kFIFOSize))),

73 m_framesElapsed(0) {	79 m_framesElapsed(0) {

	80 CHECK(m_fifo);
	Raymond Toy 2017/03/10 19:34:55 How can m_fifo not be null? How can m_fifo not be null? hongchan 2017/03/10 20:57:36 Do you want me to remove this check then? I can ce Show quoted text On 2017/03/10 19:34:55, Raymond Toy wrote: > How can m_fifo not be null? Do you want me to remove this check then? I can certainly do that. Raymond Toy 2017/03/10 21:11:09 AFAICT, the only way this can happen is if you run Show quoted text On 2017/03/10 20:57:36, hongchan wrote: > On 2017/03/10 19:34:55, Raymond Toy wrote: > > How can m_fifo not be null? > > Do you want me to remove this check then? I can certainly do that. AFAICT, the only way this can happen is if you run out of memory and that would cause a crash instead of returning null. hongchan 2017/03/10 21:13:55 Removed. Show quoted text On 2017/03/10 21:11:09, Raymond Toy wrote: > On 2017/03/10 20:57:36, hongchan wrote: > > On 2017/03/10 19:34:55, Raymond Toy wrote: > > > How can m_fifo not be null? > > > > Do you want me to remove this check then? I can certainly do that. > > AFAICT, the only way this can happen is if you run out of memory and that would > cause a crash instead of returning null. Removed.
	81

	82 m_callbackBufferSize = hardwareBufferSize();

	83 if (!checkBufferSize()) {

	84 NOTREACHED();

	85 }

	86

74 // Create WebAudioDevice. blink::WebAudioDevice is designed to support the	87 // Create WebAudioDevice. blink::WebAudioDevice is designed to support the

75 // local input (e.g. loopback from OS audio system), but Chromium's media	88 // local input (e.g. loopback from OS audio system), but Chromium's media

76 // renderer does not support it currently. Thus, we use zero for the number	89 // renderer does not support it currently. Thus, we use zero for the number

77 // of input channels.	90 // of input channels.

78 m_webAudioDevice = WTF::wrapUnique(Platform::current()->createAudioDevice(	91 m_webAudioDevice = WTF::wrapUnique(Platform::current()->createAudioDevice(

79 0, numberOfOutputChannels, latencyHint, this, String(),	92 0, numberOfOutputChannels, latencyHint, this, String(),

80 std::move(securityOrigin)));	93 std::move(securityOrigin)));

81 DCHECK(m_webAudioDevice);	94 DCHECK(m_webAudioDevice);

82

83 m_callbackBufferSize = m_webAudioDevice->framesPerBuffer();

84

85 if (!checkBufferSize()) {

86 NOTREACHED();

87 }

88

89 // Create a FIFO.

90 m_fifo = WTF::wrapUnique(new PushPullFIFO(numberOfOutputChannels, kFIFOSize));

91 }	95 }

92	96

93 AudioDestination::~AudioDestination() {	97 AudioDestination::~AudioDestination() {

94 stop();	98 stop();

95 }	99 }

96	100

97 void AudioDestination::render(const WebVector<float*>& destinationData,	101 void AudioDestination::render(const WebVector<float*>& destinationData,

98 size_t numberOfFrames,	102 size_t numberOfFrames,

99 double delay,	103 double delay,

100 double delayTimestamp,	104 double delayTimestamp,

101 size_t priorFramesSkipped) {	105 size_t priorFramesSkipped) {

102 CHECK_EQ(destinationData.size(), m_numberOfOutputChannels);	106 CHECK_EQ(destinationData.size(), m_numberOfOutputChannels);

103 CHECK_EQ(numberOfFrames, m_callbackBufferSize);	107 CHECK_EQ(numberOfFrames, m_callbackBufferSize);

104	108

	109 // Note that this method is called by AudioDeviceThread. If FIFO is not ready,

	110 // or the requested render size is greater than FIFO size return here.

	111 // (crbug.com/692423)

	112 if (!m_fifo \|\| m_fifo->length() < numberOfFrames)

	113 return;

	114

105 m_framesElapsed -= std::min(m_framesElapsed, priorFramesSkipped);	115 m_framesElapsed -= std::min(m_framesElapsed, priorFramesSkipped);

106 double outputPosition =	116 double outputPosition =

107 m_framesElapsed / static_cast<double>(m_webAudioDevice->sampleRate()) -	117 m_framesElapsed / static_cast<double>(m_webAudioDevice->sampleRate()) -

108 delay;	118 delay;

109 m_outputPosition.position = outputPosition;	119 m_outputPosition.position = outputPosition;

110 m_outputPosition.timestamp = delayTimestamp;	120 m_outputPosition.timestamp = delayTimestamp;

111 m_outputPositionReceivedTimestamp = base::TimeTicks::Now();	121 m_outputPositionReceivedTimestamp = base::TimeTicks::Now();

112	122

113 // Associate the destination data array with the output bus then fill the	123 // Associate the destination data array with the output bus then fill the

114 // FIFO.	124 // FIFO.

(...skipping 79 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
194 callbackBufferSizeHistogram.sample(m_callbackBufferSize);	204 callbackBufferSizeHistogram.sample(m_callbackBufferSize);

195	205

196 // Check if the requested buffer size is too large.	206 // Check if the requested buffer size is too large.

197 bool isBufferSizeValid =	207 bool isBufferSizeValid =

198 m_callbackBufferSize + AudioUtilities::kRenderQuantumFrames <= kFIFOSize;	208 m_callbackBufferSize + AudioUtilities::kRenderQuantumFrames <= kFIFOSize;

199 DCHECK(isBufferSizeValid);	209 DCHECK(isBufferSizeValid);

200 return isBufferSizeValid;	210 return isBufferSizeValid;

201 }	211 }

202	212

203 } // namespace blink	213 } // namespace blink

OLD	NEW

« no previous file with comments | « no previous file | third_party/WebKit/Source/platform/audio/PushPullFIFO.cpp » ('j') | third_party/WebKit/Source/platform/audio/PushPullFIFO.cpp » ('J')