[Webkit-unassigned] [Bug 64076] New: webkitAudioContext does not do proper sanity checking on its arguments.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jul 7 02:14:58 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=64076
Summary: webkitAudioContext does not do proper sanity checking
on its arguments.
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Windows Vista
Status: NEW
Severity: Normal
Priority: P1
Component: HTML DOM
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: skylined at chromium.org
CC: eric at webkit.org, crogers at google.com
Chromium https://code.google.com/p/chromium/issues/detail?id=88638
Split off from bug 63997.
webkitAudioContext takes three arguments, which should be non-zero positive values that are limited by the amount of available memory. The code is currently not doing proper checks, which causes crashes when you supply invalid arguments:
Repro:
<script>
// This should not crash but simply output "PASS".
var aiArgs = [
[-1,1,1], [0,1,1],
[1,-1,1], [1,0,1],
[1,1,-1], [1,1,0],
[0x7FFFFFFF, 0x7FFFFFFF, 0x7FFFFFFF]],
bFail = false;
if (!window.webkitAudioContext) {
document.write('DISABLED');
} else {
for (var i = 0; i < aiArgs.length; i++) {
var code = 'new webkitAudioContext(' + aiArgs[i].join(',') + ')';
try { eval(code); }
catch (e) { continue; }
document.write('FAIL: ' + code);
bFail = true;
}
if (!bFail) document.write('PASS');
}
</script>
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list