[Webkit-unassigned] [Bug 251044] New: Fix clang-tidy bugprone-infinite-loop warnings in WebCore::AudioSampleDataSource::pullAvailableSamplesAsChunks()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jan 23 15:02:54 PST 2023 

https://bugs.webkit.org/show_bug.cgi?id=251044

            Bug ID: 251044
           Summary: Fix clang-tidy bugprone-infinite-loop warnings in
                    WebCore::AudioSampleDataSource::pullAvailableSamplesAs
                    Chunks()
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Media
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ddkilzer at webkit.org

Fix clang-tidy bugprone-infinite-loop warnings in WebCore::AudioSampleDataSource::pullAvailableSamplesAsChunks().

In `Source/WebCore/platform/audio/cocoa/AudioSampleDataSource.mm`, the following `while()` loops can result in infinite loops if `sampleCountPerChunk` is zero (since there is no check that `sampleCountPerChunk` is non-zero):

```
bool AudioSampleDataSource::pullAvailableSamplesAsChunks(AudioBufferList& buffer, size_t sampleCountPerChunk, uint64_t timeStamp, Function<void()>&& consumeFilledBuffer)
{
    [...]
    if (m_muted) {
        AudioSampleBufferList::zeroABL(buffer, sampleCountPerChunk * m_outputDescription->bytesPerFrame());
        while (endFrame - startFrame >= sampleCountPerChunk) {
            consumeFilledBuffer();
            startFrame += sampleCountPerChunk;
        }
        return true;
    }

    while (endFrame - startFrame >= sampleCountPerChunk) {
        m_ringBuffer->fetch(&buffer, sampleCountPerChunk, startFrame, CARingBuffer::Copy);
        consumeFilledBuffer();
        startFrame += sampleCountPerChunk;
    }
    return true;
}
```
<https://github.com/WebKit/WebKit/blob/main/Source/WebCore/platform/audio/cocoa/AudioSampleDataSource.mm#L317>

Found by clang static analyzer.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230123/3a3ae148/attachment.htm>

More information about the webkit-unassigned mailing list