[webkit-changes] [WebKit/WebKit] f80743: heap-use-after-free | WebCore::WorkerOrWorkletThre...

youennf noreply at github.com
Tue Aug 6 15:02:02 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: f80743cbb13c7ae9bcb75cc9c4e326f83e3b5c4c
      https://github.com/WebKit/WebKit/commit/f80743cbb13c7ae9bcb75cc9c4e326f83e3b5c4c
  Author: Youenn Fablet <youenn at apple.com>
  Date:   2024-08-06 (Tue, 06 Aug 2024)

  Changed paths:
    M Source/WebCore/Modules/webaudio/AudioDestinationNode.cpp
    M Source/WebCore/Modules/webaudio/AudioWorkletGlobalScope.cpp
    M Source/WebCore/workers/WorkerThread.cpp

  Log Message:
  -----------
  heap-use-after-free | WebCore::WorkerOrWorkletThread::destroyWorkerGlobalScope; WebCore::WorkerOrWorkletThread::workerOrWorkletThread; WTF::Thread::entryPoint)
rdar://131127484

Reviewed by Ryosuke Niwa.

AudioWorkletGlobalScope is RefCounted, so it is unsafe to ref/unref it from various threads.
Before this patch, AudioDestinationNode::renderQuantum may either be called from the audio worklet thread (expected) or the audio rendering thread at init time (unexpected).
This is done to call AudioWorkletGlobalScope::handlePreRenderTasks, which is a no-op if called on a thread other than the worklet thread.

To fix the issue, if we are not in the context thread, we do not ref AudioWorkletGlobalScope in AudioDestinationNode::renderQuantum.
AudioWorkletGlobalScope::handlePreRenderTasks will then no longer be called on a thread other than the worklet thread.
We update AudioWorkletGlobalScope::handlePreRenderTasks accordingly.

* Source/WebCore/Modules/webaudio/AudioDestinationNode.cpp:
(WebCore::AudioDestinationNode::renderQuantum):
* Source/WebCore/Modules/webaudio/AudioWorkletGlobalScope.cpp:
(WebCore::AudioWorkletGlobalScope::handlePreRenderTasks):
* Source/WebCore/workers/WorkerThread.cpp:
(WebCore::WorkerThread::globalScope):

Originally-landed-as: f98cf4e20b37. rdar://132955637
Canonical link: https://commits.webkit.org/281918@main
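As an added illustration (example code, not WebKit's own), here is a small C++ model of the pattern this commit fixes: a refcount that is only safe on its owning thread, a renderQuantum that refs it unconditionally, and the fixed version that returns early when not on the context thread. The class, the function names and the counter of cross-thread touches are assumptions of the model, not WebKit APIs; instead of racing for real, the model records every ref/deref issued off the owning thread, which is the misuse that can become a use-after-free.

```cpp
#include <cstddef>
#include <thread>

// Minimal stand-in for a single-threaded intrusive refcount such as the one
// behind AudioWorkletGlobalScope (hypothetical model, not WTF::RefCounted).
// Rather than racing for real, it records every ref/deref issued from a
// thread other than its owner, the misuse that can become a use-after-free.
class WorkletScopeModel {
public:
    WorkletScopeModel() : m_owner(std::this_thread::get_id()) {}
    bool isContextThread() const { return std::this_thread::get_id() == m_owner; }
    void ref() { noteCaller(); ++m_refCount; }
    void deref() { noteCaller(); --m_refCount; } // real code deletes at zero
    // No-op off the worklet thread, as the commit message describes.
    void handlePreRenderTasks() { if (!isContextThread()) return; }
    std::size_t crossThreadTouches() const { return m_crossThreadTouches; }
private:
    void noteCaller() { if (!isContextThread()) ++m_crossThreadTouches; }
    std::thread::id m_owner;
    std::size_t m_refCount = 1;
    std::size_t m_crossThreadTouches = 0;
};

// Before the fix: the scope is ref'd and deref'd whichever thread calls.
void renderQuantumBefore(WorkletScopeModel& scope) {
    scope.ref();
    scope.handlePreRenderTasks();
    scope.deref();
}

// After the fix: bail out unless already on the context thread, so the
// refcount is never touched by the rendering thread.
void renderQuantumAfter(WorkletScopeModel& scope) {
    if (!scope.isContextThread())
        return;
    scope.ref();
    scope.handlePreRenderTasks();
    scope.deref();
}

// Calls renderQuantum once from a separate "rendering" thread and returns the
// number of cross-thread ref/deref touches it produced (join() publishes it).
std::size_t crossThreadTouchesFor(void (*renderQuantum)(WorkletScopeModel&)) {
    WorkletScopeModel scope; // created on the calling ("worklet") thread
    std::thread rendering([&] { renderQuantum(scope); });
    rendering.join();
    return scope.crossThreadTouches();
}
```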
