WebKit Bugzilla
Attachment 368835 Details for
Bug 197533
: WebAudio Node JS wrappers should not be collected if events can be fired
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-197533-20190502160111.patch (text/plain), 17.31 KB, created by
youenn fablet
on 2019-05-02 16:01:12 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
youenn fablet
Created:
2019-05-02 16:01:12 PDT
Size:
17.31 KB
patch
obsolete
>Subversion Revision: 244802 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 926ff4f7643efac2a9dd261221733a007a0f5cab..5a4f65e612ec18fbd01c810a40e4e43236ba83bb 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,32 @@ >+2019-05-02 Youenn Fablet <youenn@apple.com> >+ >+ WebAudio Node JS wrappers should not be collected if events can be fired >+ https://bugs.webkit.org/show_bug.cgi?id=197533 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Before the patch, some webaudio nodes could fire event listeners, but were not protected from GC. >+ Use CustomIsReachable to ensure nodes are not collectable if they have event listeners or AudioContext is being stopped. >+ >+ Covered by WPT mediacapture-streams/MediaStreamTrack-MediaElement-disabled-audio-is-silence.https.html and >+ WPT webaudio/the-audio-api/the-mediaelementaudiosourcenode-interface/mediaElementAudioSourceToScriptProcessorTest.html >+ and web audio WebRTC tests. >+ >+ * Modules/webaudio/AudioBufferSourceNode.idl: >+ * Modules/webaudio/AudioScheduledSourceNode.h: >+ (WebCore::AudioScheduledSourceNode::hasEndedListener const): >+ * Modules/webaudio/OscillatorNode.idl: >+ * Modules/webaudio/ScriptProcessorNode.h: >+ * Modules/webaudio/ScriptProcessorNode.idl: >+ * Sources.txt: >+ * WebCore.xcodeproj/project.pbxproj: >+ * bindings/js/JSAudioBufferSourceNodeCustom.cpp: Added. >+ (WebCore::JSAudioBufferSourceNodeOwner::isReachableFromOpaqueRoots): >+ * bindings/js/JSOscillatorNodeCustom.cpp: Added. >+ (WebCore::JSOscillatorNodeOwner::isReachableFromOpaqueRoots): >+ * bindings/js/JSScriptProcessorNodeCustom.cpp: Added. >+ (WebCore::JSScriptProcessorNodeOwner::isReachableFromOpaqueRoots): >+ > 2019-05-02 Youenn Fablet <youenn@apple.com> > > Make AudioContext::scriptExecutionContext() private >diff --git a/Source/WebCore/Modules/webaudio/AudioBufferSourceNode.idl b/Source/WebCore/Modules/webaudio/AudioBufferSourceNode.idl >index f42bfe9590dd712bda05839b1544212327981a5e..9a287aa41bb29851b982b022366be16b88b09daa 100644 >--- a/Source/WebCore/Modules/webaudio/AudioBufferSourceNode.idl >+++ b/Source/WebCore/Modules/webaudio/AudioBufferSourceNode.idl >@@ -25,6 +25,7 @@ > // A cached (non-streamed), memory-resident audio source > [ > Conditional=WEB_AUDIO, >+ CustomIsReachable, > JSGenerateToJSObject, > ] interface AudioBufferSourceNode : AudioNode { > attribute AudioBuffer? buffer; >diff --git a/Source/WebCore/Modules/webaudio/AudioScheduledSourceNode.h b/Source/WebCore/Modules/webaudio/AudioScheduledSourceNode.h >index 2e9c2e04fc79a3dc9278ef029cd784553764f2ec..8d919a8c3d8c7fa6f4d684e1aa02e953bc10d9d3 100644 >--- a/Source/WebCore/Modules/webaudio/AudioScheduledSourceNode.h >+++ b/Source/WebCore/Modules/webaudio/AudioScheduledSourceNode.h >@@ -61,6 +61,8 @@ public: > bool isPlayingOrScheduled() const { return m_playbackState == PLAYING_STATE || m_playbackState == SCHEDULED_STATE; } > bool hasFinished() const { return m_playbackState == FINISHED_STATE; } > >+ bool hasEndedListener() const { return m_hasEndedListener; } >+ > protected: > // Get frame information for the current time quantum. > // We handle the transition into PLAYING_STATE and FINISHED_STATE here, >diff --git a/Source/WebCore/Modules/webaudio/OscillatorNode.idl b/Source/WebCore/Modules/webaudio/OscillatorNode.idl >index df39f1c83d5e08aec19e407d1b27384f4d5f3b33..13a58be06ccf52d26b3e8979ce9de176e48773a6 100644 >--- a/Source/WebCore/Modules/webaudio/OscillatorNode.idl >+++ b/Source/WebCore/Modules/webaudio/OscillatorNode.idl >@@ -33,6 +33,7 @@ enum OscillatorType { > > [ > Conditional=WEB_AUDIO, >+ CustomIsReachable, > JSGenerateToJSObject, > ] interface OscillatorNode : AudioNode { > attribute OscillatorType type; >diff --git a/Source/WebCore/Modules/webaudio/ScriptProcessorNode.h b/Source/WebCore/Modules/webaudio/ScriptProcessorNode.h >index 98e1f0a4773467d926deee01bf28abb2148bd645..846018a1b92e9afe622dbf087fb50dac2138d534 100644 >--- a/Source/WebCore/Modules/webaudio/ScriptProcessorNode.h >+++ b/Source/WebCore/Modules/webaudio/ScriptProcessorNode.h >@@ -63,6 +63,8 @@ public: > > size_t bufferSize() const { return m_bufferSize; } > >+ bool hasAudioProcessListener() const { return m_hasAudioProcessListener; } >+ > private: > double tailTime() const override; > double latencyTime() const override; >diff --git a/Source/WebCore/Modules/webaudio/ScriptProcessorNode.idl b/Source/WebCore/Modules/webaudio/ScriptProcessorNode.idl >index 45cc63083c3857f6386a0bcbd27fb92591ace068..e1668faeedb463d3849182b74305168b216cceee 100644 >--- a/Source/WebCore/Modules/webaudio/ScriptProcessorNode.idl >+++ b/Source/WebCore/Modules/webaudio/ScriptProcessorNode.idl >@@ -25,6 +25,7 @@ > // For real-time audio stream synthesis/processing in JavaScript > [ > Conditional=WEB_AUDIO, >+ CustomIsReachable, > JSGenerateToJSObject, > JSGenerateToNativeObject > ] interface ScriptProcessorNode : AudioNode { >diff --git a/Source/WebCore/Sources.txt b/Source/WebCore/Sources.txt >index e09eb2eeb03b4fdc274abb95833dad7066ca218c..02d44148148fa9e13764315c2144bccc21c4f2ed 100644 >--- a/Source/WebCore/Sources.txt >+++ b/Source/WebCore/Sources.txt >@@ -431,6 +431,7 @@ animation/DocumentTimeline.cpp > animation/KeyframeEffect.cpp > animation/WebAnimation.cpp > >+bindings/js/JSAudioBufferSourceNodeCustom.cpp > bindings/js/CachedModuleScriptLoader.cpp > bindings/js/CachedScriptFetcher.cpp > bindings/js/CallTracer.cpp >@@ -517,6 +518,7 @@ bindings/js/JSNodeCustom.cpp > bindings/js/JSNodeIteratorCustom.cpp > bindings/js/JSNodeListCustom.cpp > bindings/js/JSOffscreenCanvasRenderingContext2DCustom.cpp >+bindings/js/JSOscillatorNodeCustom.cpp > bindings/js/JSPaintRenderingContext2DCustom.cpp > bindings/js/JSPaintWorkletGlobalScopeCustom.cpp > bindings/js/JSPaymentMethodChangeEventCustom.cpp >@@ -529,6 +531,7 @@ bindings/js/JSPromiseRejectionEventCustom.cpp > bindings/js/JSReadableStreamSourceCustom.cpp > bindings/js/JSRemoteDOMWindowBase.cpp > bindings/js/JSRemoteDOMWindowCustom.cpp >+bindings/js/JSScriptProcessorNodeCustom.cpp > bindings/js/JSSVGPathSegCustom.cpp > bindings/js/JSSVGViewSpecCustom.cpp > bindings/js/JSStyleSheetCustom.cpp >diff --git a/Source/WebCore/WebCore.xcodeproj/project.pbxproj b/Source/WebCore/WebCore.xcodeproj/project.pbxproj >index 7bfdca2fbf1b9f6350bdac29ddd8c9c918275eec..4622483088d7ec2d5bc271515a21594f69e51783 100644 >--- a/Source/WebCore/WebCore.xcodeproj/project.pbxproj >+++ b/Source/WebCore/WebCore.xcodeproj/project.pbxproj >@@ -7180,6 +7180,9 @@ > 41209E94216EA69A00A73A12 /* RTCCertificate.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RTCCertificate.cpp; sourceTree = "<group>"; }; > 41209E95216EC34E00A73A12 /* LibWebRTCCertificateGenerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = LibWebRTCCertificateGenerator.h; path = libwebrtc/LibWebRTCCertificateGenerator.h; sourceTree = "<group>"; }; > 41209E96216EC34F00A73A12 /* LibWebRTCCertificateGenerator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = LibWebRTCCertificateGenerator.cpp; path = libwebrtc/LibWebRTCCertificateGenerator.cpp; sourceTree = "<group>"; }; >+ 41249B39227B9BC700A346BE /* JSScriptProcessorNodeCustom.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSScriptProcessorNodeCustom.cpp; sourceTree = "<group>"; }; >+ 41249B3C227BA3C000A346BE /* JSOscillatorNodeCustom.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSOscillatorNodeCustom.cpp; sourceTree = "<group>"; }; >+ 41249B3D227BA43C00A346BE /* JSAudioBufferSourceNodeCustom.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSAudioBufferSourceNodeCustom.cpp; sourceTree = "<group>"; }; > 4127D5360F8AAB1D00E424F5 /* ScriptState.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ScriptState.cpp; sourceTree = "<group>"; }; > 4129C9801F5861C7009D7403 /* ReadableStreamSink.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ReadableStreamSink.h; sourceTree = "<group>"; }; > 4129C9811F5861C7009D7403 /* ReadableStreamSink.idl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = ReadableStreamSink.idl; sourceTree = "<group>"; }; >@@ -20575,6 +20578,7 @@ > 71EFCEDE202B39C700D7C411 /* JSAnimationEffectCustom.cpp */, > 71025ED51F99F147004A250C /* JSAnimationTimelineCustom.cpp */, > BC2ED6BB0C6BD2F000920BFF /* JSAttrCustom.cpp */, >+ 41249B3D227BA43C00A346BE /* JSAudioBufferSourceNodeCustom.cpp */, > BE6DF70E171CA2DA00DD52B8 /* JSAudioTrackCustom.cpp */, > BE6DF710171CA2DA00DD52B8 /* JSAudioTrackListCustom.cpp */, > 576082562011BE0200116678 /* JSAuthenticatorResponseCustom.cpp */, >@@ -20620,10 +20624,12 @@ > BCD9C2610C17AA67005C90A2 /* JSNodeListCustom.cpp */, > AD20B18C18E9D216005A8083 /* JSNodeListCustom.h */, > 3140C52B1FE06B4900D2A873 /* JSOffscreenCanvasRenderingContext2DCustom.cpp */, >+ 41249B3C227BA3C000A346BE /* JSOscillatorNodeCustom.cpp */, > 4B1E13EE217941320042CF98 /* JSPaintRenderingContext2DCustom.cpp */, > CB38FD551CD21D5B00592A3F /* JSPerformanceEntryCustom.cpp */, > 833CF70F20DB3F5F00141BCC /* JSPerformanceObserverCustom.cpp */, > A4A69B8BB91B49D0A804C31D /* JSPromiseRejectionEventCustom.cpp */, >+ 41249B39227B9BC700A346BE /* JSScriptProcessorNodeCustom.cpp */, > 83F572941FA1066F003837BE /* JSServiceWorkerClientCustom.cpp */, > 460D19441FCE21DD00C3DB85 /* JSServiceWorkerGlobalScopeCustom.cpp */, > BC98A27C0C0C9950004BEBF7 /* JSStyleSheetCustom.cpp */, >diff --git a/Source/WebCore/bindings/js/JSAudioBufferSourceNodeCustom.cpp b/Source/WebCore/bindings/js/JSAudioBufferSourceNodeCustom.cpp >new file mode 100644 >index 0000000000000000000000000000000000000000..a1354238d5021fc54adb059e258d4d4e1255214c >--- /dev/null >+++ b/Source/WebCore/bindings/js/JSAudioBufferSourceNodeCustom.cpp >@@ -0,0 +1,57 @@ >+/* >+ * Copyright (C) 2019 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#include "config.h" >+ >+#include "AudioContext.h" >+#include "JSAudioBufferSourceNode.h" >+ >+namespace WebCore { >+using namespace JSC; >+ >+bool JSAudioBufferSourceNodeOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor&, const char** reason) >+{ >+ auto& node = jsCast<JSAudioBufferSourceNode*>(handle.slot()->asCell())->wrapped(); >+ >+ if (node.isFiringEventListeners()) { >+ if (UNLIKELY(reason)) >+ *reason = "AudioBufferSourceNode is firing event listeners"; >+ return true; >+ } >+ if (node.hasEndedListener()) { >+ if (UNLIKELY(reason)) >+ *reason = "AudioBufferSourceNode has event listeners"; >+ return true; >+ } >+ if (node.context().hasPendingActivity()) { >+ if (UNLIKELY(reason)) >+ *reason = "AudioBufferSourceNode context has pending activity"; >+ return true; >+ } >+ >+ return false; >+} >+ >+} // namespace WebCore >diff --git a/Source/WebCore/bindings/js/JSOscillatorNodeCustom.cpp b/Source/WebCore/bindings/js/JSOscillatorNodeCustom.cpp >new file mode 100644 >index 0000000000000000000000000000000000000000..e9f58f7b85f08700e596e38eb760105a8c10757e >--- /dev/null >+++ b/Source/WebCore/bindings/js/JSOscillatorNodeCustom.cpp >@@ -0,0 +1,57 @@ >+/* >+ * Copyright (C) 2019 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#include "config.h" >+ >+#include "AudioContext.h" >+#include "JSOscillatorNode.h" >+ >+namespace WebCore { >+using namespace JSC; >+ >+bool JSOscillatorNodeOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor&, const char** reason) >+{ >+ auto& node = jsCast<JSOscillatorNode*>(handle.slot()->asCell())->wrapped(); >+ >+ if (node.isFiringEventListeners()) { >+ if (UNLIKELY(reason)) >+ *reason = "OscillatorNode is firing event listeners"; >+ return true; >+ } >+ if (node.hasEndedListener()) { >+ if (UNLIKELY(reason)) >+ *reason = "OscillatorNode has event listeners"; >+ return true; >+ } >+ if (node.context().hasPendingActivity()) { >+ if (UNLIKELY(reason)) >+ *reason = "OscillatorNode context has pending activity"; >+ return true; >+ } >+ >+ return false; >+} >+ >+} // namespace WebCore >diff --git a/Source/WebCore/bindings/js/JSScriptProcessorNodeCustom.cpp b/Source/WebCore/bindings/js/JSScriptProcessorNodeCustom.cpp >new file mode 100644 >index 0000000000000000000000000000000000000000..2279f24eb21c30518c8401856a0fcf4d174dec69 >--- /dev/null >+++ b/Source/WebCore/bindings/js/JSScriptProcessorNodeCustom.cpp >@@ -0,0 +1,57 @@ >+/* >+ * Copyright (C) 2019 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#include "config.h" >+ >+#include "AudioContext.h" >+#include "JSScriptProcessorNode.h" >+ >+namespace WebCore { >+using namespace JSC; >+ >+bool JSScriptProcessorNodeOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor&, const char** reason) >+{ >+ auto& node = jsCast<JSScriptProcessorNode*>(handle.slot()->asCell())->wrapped(); >+ >+ if (node.isFiringEventListeners()) { >+ if (UNLIKELY(reason)) >+ *reason = "ScriptProcessorNode is firing event listeners"; >+ return true; >+ } >+ if (node.hasAudioProcessListener()) { >+ if (UNLIKELY(reason)) >+ *reason = "ScriptProcessorNode has event listeners"; >+ return true; >+ } >+ if (node.context().hasPendingActivity()) { >+ if (UNLIKELY(reason)) >+ *reason = "ScriptProcessorNode context has pending activity"; >+ return true; >+ } >+ >+ return false; >+} >+ >+} // namespace WebCore
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=368835">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 197533
:
368835
|
368890
|
368907
|
369124
|
369139
|
369152
|
369160