[Web Audio] Decoding specific .m4a file crashes tab
authorjer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 6 Mar 2015 19:31:16 +0000 (19:31 +0000)
committerjer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 6 Mar 2015 19:31:16 +0000 (19:31 +0000)
https://bugs.webkit.org/show_bug.cgi?id=139545

Reviewed by Eric Carlson.

Source/WebCore:

Test: webaudio/decode-audio-data-too-short.html

Bail out early if CoreAudio reports the number of frames in the file to be negative.

* platform/audio/mac/AudioFileReaderMac.cpp:
(WebCore::AudioFileReader::createBus):

LayoutTests:

* webaudio/decode-audio-data-too-short-expected.txt: Added.
* webaudio/decode-audio-data-too-short.html: Added.
* webaudio/resources/media/too-short.m4a: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@181174 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/webaudio/decode-audio-data-too-short-expected.txt [new file with mode: 0644]
LayoutTests/webaudio/decode-audio-data-too-short.html [new file with mode: 0644]
LayoutTests/webaudio/resources/media/too-short.m4a [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/platform/audio/mac/AudioFileReaderMac.cpp

index 04747de..432440b 100644 (file)
@@ -1,3 +1,14 @@
+2015-03-06  Jer Noble  <jer.noble@apple.com>
+
+        [Web Audio] Decoding specific .m4a file crashes tab
+        https://bugs.webkit.org/show_bug.cgi?id=139545
+
+        Reviewed by Eric Carlson.
+
+        * webaudio/decode-audio-data-too-short-expected.txt: Added.
+        * webaudio/decode-audio-data-too-short.html: Added.
+        * webaudio/resources/media/too-short.m4a: Added.
+
 2015-03-06  Myles C. Maxfield  <mmaxfield@apple.com>
 
         Crash in -[WebCascadeList objectAtIndex:] + 195
diff --git a/LayoutTests/webaudio/decode-audio-data-too-short-expected.txt b/LayoutTests/webaudio/decode-audio-data-too-short-expected.txt
new file mode 100644 (file)
index 0000000..1211be5
--- /dev/null
@@ -0,0 +1,9 @@
+Test that decoding an audio file which is too short does not cause a crash.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/webaudio/decode-audio-data-too-short.html b/LayoutTests/webaudio/decode-audio-data-too-short.html
new file mode 100644 (file)
index 0000000..640c2f7
--- /dev/null
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="../resources/js-test-pre.js"></script>
+<script type="text/javascript" src="resources/audio-testing.js"></script>
+</head>
+<body>
+<script>
+description("Test that decoding an audio file which is too short does not cause a crash.");
+
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+window.jsTestIsAsync = true;
+
+var context = new webkitAudioContext();
+var request = new XMLHttpRequest();
+request.open("GET", 'resources/media/too-short.m4a', true);
+request.responseType = "arraybuffer";
+    
+request.onload = function() {
+    context.decodeAudioData(request.response, finishJSTest, finishJSTest);
+}
+request.send();
+
+</script>
+<script src="../resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/webaudio/resources/media/too-short.m4a b/LayoutTests/webaudio/resources/media/too-short.m4a
new file mode 100644 (file)
index 0000000..0556926
Binary files /dev/null and b/LayoutTests/webaudio/resources/media/too-short.m4a differ
index f7edd6a..c85ab8a 100644 (file)
@@ -1,3 +1,17 @@
+2015-03-06  Jer Noble  <jer.noble@apple.com>
+
+        [Web Audio] Decoding specific .m4a file crashes tab
+        https://bugs.webkit.org/show_bug.cgi?id=139545
+
+        Reviewed by Eric Carlson.
+
+        Test: webaudio/decode-audio-data-too-short.html
+
+        Bail out early if CoreAudio reports the number of frames in the file to be negative.
+
+        * platform/audio/mac/AudioFileReaderMac.cpp:
+        (WebCore::AudioFileReader::createBus):
+
 2015-03-06  Jeremy Jones  <jeremyj@apple.com>
 
         Scroll to make the video element visible when exiting fullscreen.
index 6c9225a..8df1365 100644 (file)
@@ -147,7 +147,7 @@ PassRefPtr<AudioBus> AudioFileReader::createBus(float sampleRate, bool mixToMono
     SInt64 numberOfFrames64 = 0;
     size = sizeof(numberOfFrames64);
     result = ExtAudioFileGetProperty(m_extAudioFileRef, kExtAudioFileProperty_FileLengthFrames, &size, &numberOfFrames64);
-    if (result != noErr)
+    if (result != noErr || numberOfFrames64 <= 0)
         return 0;
 
     // Sample-rate