Diff
Modified: trunk/Source/WebCore/ChangeLog (90838 => 90839)
--- trunk/Source/WebCore/ChangeLog 2011-07-12 19:16:24 UTC (rev 90838)
+++ trunk/Source/WebCore/ChangeLog 2011-07-12 19:16:53 UTC (rev 90839)
@@ -1,3 +1,26 @@
+2011-07-12 Chris Rogers <[email protected]>
+
+ webkitAudioContext does not do proper sanity checking on its arguments.
+ https://bugs.webkit.org/show_bug.cgi?id=64076
+
+ Reviewed by Kenneth Russell.
+
+ No new tests since audio API is not yet implemented.
+
+ * bindings/js/JSAudioContextCustom.cpp:
+ (WebCore::JSAudioContextConstructor::constructJSAudioContext):
+ (WebCore::JSAudioContext::createBuffer):
+ * bindings/v8/custom/V8AudioContextCustom.cpp:
+ (WebCore::V8AudioContext::constructorCallback):
+ (WebCore::V8AudioContext::createBufferCallback):
+ * platform/audio/HRTFDatabaseLoader.h:
+ (WebCore::HRTFDatabaseLoader::databaseSampleRate):
+ * webaudio/AudioContext.cpp:
+ (WebCore::AudioContext::create):
+ (WebCore::AudioContext::createOfflineContext):
+ (WebCore::AudioContext::createBuffer):
+ * webaudio/AudioContext.h:
+
2011-07-12 Pratik Solanki <[email protected]>
Implement didReceiveDataArray callback for CFNetwork based loader
Modified: trunk/Source/WebCore/bindings/js/JSAudioContextCustom.cpp (90838 => 90839)
--- trunk/Source/WebCore/bindings/js/JSAudioContextCustom.cpp 2011-07-12 19:16:24 UTC (rev 90838)
+++ trunk/Source/WebCore/bindings/js/JSAudioContextCustom.cpp 2011-07-12 19:16:53 UTC (rev 90839)
@@ -74,11 +74,25 @@
if (exec->argumentCount() < 3)
return throwVMError(exec, createSyntaxError(exec, "Not enough arguments"));
- unsigned numberOfChannels = exec->argument(0).toInt32(exec);
- unsigned numberOfFrames = exec->argument(1).toInt32(exec);
+ int32_t numberOfChannels = exec->argument(0).toInt32(exec);
+ int32_t numberOfFrames = exec->argument(1).toInt32(exec);
float sampleRate = exec->argument(2).toFloat(exec);
+
+ if (numberOfChannels <= 0 || numberOfChannels > 10)
+ return throwVMError(exec, createSyntaxError(exec, "Invalid number of channels"));
- audioContext = AudioContext::createOfflineContext(document, numberOfChannels, numberOfFrames, sampleRate);
+ if (numberOfFrames <= 0)
+ return throwVMError(exec, createSyntaxError(exec, "Invalid number of frames"));
+
+ if (sampleRate <= 0)
+ return throwVMError(exec, createSyntaxError(exec, "Invalid sample rate"));
+
+ ExceptionCode ec = 0;
+ audioContext = AudioContext::createOfflineContext(document, numberOfChannels, numberOfFrames, sampleRate, ec);
+ if (ec) {
+ setDOMException(exec, ec);
+ return jsUndefined();
+ }
}
if (!audioContext.get())
@@ -117,10 +131,19 @@
if (exec->argumentCount() < 3)
return throwError(exec, createSyntaxError(exec, "Not enough arguments"));
- unsigned numberOfChannels = exec->argument(0).toInt32(exec);
- unsigned numberOfFrames = exec->argument(1).toInt32(exec);
+ int32_t numberOfChannels = exec->argument(0).toInt32(exec);
+ int32_t numberOfFrames = exec->argument(1).toInt32(exec);
float sampleRate = exec->argument(2).toFloat(exec);
+ if (numberOfChannels <= 0 || numberOfChannels > 10)
+ return throwVMError(exec, createSyntaxError(exec, "Invalid number of channels"));
+
+ if (numberOfFrames <= 0)
+ return throwVMError(exec, createSyntaxError(exec, "Invalid number of frames"));
+
+ if (sampleRate <= 0)
+ return throwVMError(exec, createSyntaxError(exec, "Invalid sample rate"));
+
RefPtr<AudioBuffer> audioBuffer = audioContext->createBuffer(numberOfChannels, numberOfFrames, sampleRate);
if (!audioBuffer.get())
return throwError(exec, createSyntaxError(exec, "Error creating AudioBuffer"));
Modified: trunk/Source/WebCore/bindings/v8/custom/V8AudioContextCustom.cpp (90838 => 90839)
--- trunk/Source/WebCore/bindings/v8/custom/V8AudioContextCustom.cpp 2011-07-12 19:16:24 UTC (rev 90838)
+++ trunk/Source/WebCore/bindings/v8/custom/V8AudioContextCustom.cpp 2011-07-12 19:16:53 UTC (rev 90839)
@@ -43,6 +43,9 @@
{
INC_STATS("DOM.AudioContext.Contructor");
+ if (!args.IsConstructCall())
+ return throwError("AudioContext constructor cannot be called as a function.");
+
Frame* frame = V8Proxy::retrieveFrameForCurrentContext();
if (!frame)
return throwError("AudioContext constructor associated frame is unavailable", V8Proxy::ReferenceError);
@@ -64,17 +67,22 @@
bool ok = false;
- unsigned numberOfChannels = toInt32(args[0], ok);
- if (!ok)
+ int32_t numberOfChannels = toInt32(args[0], ok);
+ if (!ok || numberOfChannels <= 0 || numberOfChannels > 10)
return throwError("Invalid number of channels", V8Proxy::SyntaxError);
- unsigned numberOfFrames = toInt32(args[1], ok);
- if (!ok)
+ int32_t numberOfFrames = toInt32(args[1], ok);
+ if (!ok || numberOfFrames <= 0)
return throwError("Invalid number of frames", V8Proxy::SyntaxError);
float sampleRate = toFloat(args[2]);
+ if (sampleRate <= 0)
+ return throwError("Invalid sample rate", V8Proxy::SyntaxError);
- audioContext = AudioContext::createOfflineContext(document, numberOfChannels, numberOfFrames, sampleRate);
+ ExceptionCode ec = 0;
+ audioContext = AudioContext::createOfflineContext(document, numberOfChannels, numberOfFrames, sampleRate, ec);
+ if (ec)
+ return throwError(ec);
}
if (!audioContext.get())
@@ -122,12 +130,12 @@
bool ok = false;
- unsigned numberOfChannels = toInt32(args[0], ok);
- if (!ok)
+ int32_t numberOfChannels = toInt32(args[0], ok);
+ if (!ok || numberOfChannels <= 0 || numberOfChannels > 10)
return throwError("Invalid number of channels", V8Proxy::SyntaxError);
- unsigned numberOfFrames = toInt32(args[1], ok);
- if (!ok)
+ int32_t numberOfFrames = toInt32(args[1], ok);
+ if (!ok || numberOfFrames <= 0)
return throwError("Invalid number of frames", V8Proxy::SyntaxError);
float sampleRate = toFloat(args[2]);
Modified: trunk/Source/WebCore/platform/audio/HRTFDatabaseLoader.h (90838 => 90839)
--- trunk/Source/WebCore/platform/audio/HRTFDatabaseLoader.h 2011-07-12 19:16:24 UTC (rev 90838)
+++ trunk/Source/WebCore/platform/audio/HRTFDatabaseLoader.h 2011-07-12 19:16:53 UTC (rev 90839)
@@ -60,6 +60,8 @@
void waitForLoaderThreadCompletion();
HRTFDatabase* database() { return m_hrtfDatabase.get(); }
+
+ double databaseSampleRate() const { return m_databaseSampleRate; }
// Called in asynchronous loading thread.
void load();
@@ -77,8 +79,6 @@
// This must be called from the main thread.
void loadAsynchronously();
- double databaseSampleRate() const { return m_databaseSampleRate; }
-
static HRTFDatabaseLoader* s_loader; // singleton
OwnPtr<HRTFDatabase> m_hrtfDatabase;
ThreadIdentifier m_databaseLoaderThread;
Modified: trunk/Source/WebCore/webaudio/AudioContext.cpp (90838 => 90839)
--- trunk/Source/WebCore/webaudio/AudioContext.cpp 2011-07-12 19:16:24 UTC (rev 90838)
+++ trunk/Source/WebCore/webaudio/AudioContext.cpp 2011-07-12 19:16:53 UTC (rev 90839)
@@ -72,14 +72,34 @@
const unsigned MaxNodesToDeletePerQuantum = 10;
namespace WebCore {
+
+namespace {
+
+bool isSampleRateRangeGood(double sampleRate)
+{
+ return sampleRate >= 22050 && sampleRate <= 96000;
+}
+}
+
PassRefPtr<AudioContext> AudioContext::create(Document* document)
{
+ ASSERT(document);
return adoptRef(new AudioContext(document));
}
-PassRefPtr<AudioContext> AudioContext::createOfflineContext(Document* document, unsigned numberOfChannels, size_t numberOfFrames, double sampleRate)
+PassRefPtr<AudioContext> AudioContext::createOfflineContext(Document* document, unsigned numberOfChannels, size_t numberOfFrames, double sampleRate, ExceptionCode& ec)
{
+ ASSERT(document);
+
+ // FIXME: offline contexts have limitations on supported sample-rates.
+ // Currently all AudioContexts must have the same sample-rate.
+ HRTFDatabaseLoader* loader = HRTFDatabaseLoader::loader();
+ if (numberOfChannels > 10 || !isSampleRateRangeGood(sampleRate) || (loader && loader->databaseSampleRate() != sampleRate)) {
+ ec = SYNTAX_ERR;
+ return 0;
+ }
+
return adoptRef(new AudioContext(document, numberOfChannels, numberOfFrames, sampleRate));
}
@@ -236,6 +256,9 @@
PassRefPtr<AudioBuffer> AudioContext::createBuffer(unsigned numberOfChannels, size_t numberOfFrames, double sampleRate)
{
+ if (!isSampleRateRangeGood(sampleRate) || numberOfChannels > 10 || !numberOfFrames)
+ return 0;
+
return AudioBuffer::create(numberOfChannels, numberOfFrames, sampleRate);
}
Modified: trunk/Source/WebCore/webaudio/AudioContext.h (90838 => 90839)
--- trunk/Source/WebCore/webaudio/AudioContext.h 2011-07-12 19:16:24 UTC (rev 90838)
+++ trunk/Source/WebCore/webaudio/AudioContext.h 2011-07-12 19:16:53 UTC (rev 90839)
@@ -71,7 +71,7 @@
static PassRefPtr<AudioContext> create(Document*);
// Create an AudioContext for offline (non-realtime) rendering.
- static PassRefPtr<AudioContext> createOfflineContext(Document*, unsigned numberOfChannels, size_t numberOfFrames, double sampleRate);
+ static PassRefPtr<AudioContext> createOfflineContext(Document*, unsigned numberOfChannels, size_t numberOfFrames, double sampleRate, ExceptionCode&);
virtual ~AudioContext();
