Title: [97214] trunk/Source/WebCore
- Revision: 97214
- Author: [email protected]
- Date: 2011-10-11 18:48:00 -0700 (Tue, 11 Oct 2011)
Log Message
Heap buffer overflow in Webaudio FFTFrame::doFFT
https://bugs.webkit.org/show_bug.cgi?id=69447
Reviewed by Kenneth Russell.
No new tests. This only changes internal implementation details.
* platform/audio/HRTFKernel.cpp:
(WebCore::extractAverageGroupDelay):
* platform/audio/HRTFPanner.cpp:
(WebCore::HRTFPanner::fftSizeForSampleRate):
Diff
Modified: trunk/Source/WebCore/ChangeLog (97213 => 97214)
--- trunk/Source/WebCore/ChangeLog 2011-10-12 01:40:22 UTC (rev 97213)
+++ trunk/Source/WebCore/ChangeLog 2011-10-12 01:48:00 UTC (rev 97214)
@@ -1,3 +1,17 @@
+2011-10-11 Chris Rogers <[email protected]>
+
+ Heap buffer overflow in Webaudio FFTFrame::doFFT
+ https://bugs.webkit.org/show_bug.cgi?id=69447
+
+ Reviewed by Kenneth Russell.
+
+ No new tests. This only changes internal implementation details.
+
+ * platform/audio/HRTFKernel.cpp:
+ (WebCore::extractAverageGroupDelay):
+ * platform/audio/HRTFPanner.cpp:
+ (WebCore::HRTFPanner::fftSizeForSampleRate):
+
2011-10-11 Ryosuke Niwa <[email protected]>
Second Qt minimum release build fix attempt after r97163.
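Review bot: The two per-function entries, `(WebCore::extractAverageGroupDelay):` and `(WebCore::HRTFPanner::fftSizeForSampleRate):`, have nothing after the colon, so the ChangeLog does not record what changed in either function. One line each would do: the first now returns early when the channel is shorter than the analysis FFT size, and the second changes the sample-rate threshold for the 1024 FFT size. Given the title is a heap buffer overflow, the "No new tests" line would also be easier to accept with a short reason why the short-channel case cannot be covered by a regression test.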
Modified: trunk/Source/WebCore/platform/audio/HRTFKernel.cpp (97213 => 97214)
--- trunk/Source/WebCore/platform/audio/HRTFKernel.cpp 2011-10-12 01:40:22 UTC (rev 97213)
+++ trunk/Source/WebCore/platform/audio/HRTFKernel.cpp 2011-10-12 01:48:00 UTC (rev 97214)
@@ -52,7 +52,10 @@
float* impulseP = channel->data();
- ASSERT(channel->length() >= analysisFFTSize);
+ bool isSizeGood = channel->length() >= analysisFFTSize;
+ ASSERT(isSizeGood);
+ if (!isSizeGood)
+ return 0;
// Check for power-of-2.
ASSERT(1UL << static_cast<unsigned>(log2(analysisFFTSize)) == analysisFFTSize);
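Review bot: The power-of-2 check in the trailing context, `ASSERT(1UL << static_cast<unsigned>(log2(analysisFFTSize)) == analysisFFTSize);`, is still assertion-only, so a release build (where ASSERT compiles out) continues into the FFT with a size that has not been validated. It should get the same pattern as the new length check: compute the condition into a bool, ASSERT it, and return early when it is false. Separately, the added `return 0;` gives the caller no way to tell a rejected input from a genuine zero result; a short comment stating that 0 is the intended safe fallback would make that explicit.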
Modified: trunk/Source/WebCore/platform/audio/HRTFPanner.cpp (97213 => 97214)
--- trunk/Source/WebCore/platform/audio/HRTFPanner.cpp 2011-10-12 01:40:22 UTC (rev 97213)
+++ trunk/Source/WebCore/platform/audio/HRTFPanner.cpp 2011-10-12 01:48:00 UTC (rev 97214)
@@ -64,9 +64,9 @@
{
// The HRTF impulse responses (loaded as audio resources) are 512 sample-frames @44.1KHz.
// Currently, we truncate the impulse responses to half this size, but an FFT-size of twice impulse response size is needed (for convolution).
- // So for sample rates around 44.1KHz an FFT size of 512 is good. We double that size for higher sample rates.
+ // So for sample rates around 44.1KHz an FFT size of 512 is good. We double the FFT-size only for sample rates at least double this.
ASSERT(sampleRate >= 44100 && sampleRate <= 96000.0);
- return (sampleRate <= 48000.0) ? 512 : 1024;
+ return (sampleRate < 88200.0) ? 512 : 1024;
}
void HRTFPanner::reset()
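Review bot: The range check `ASSERT(sampleRate >= 44100 && sampleRate <= 96000.0);` directly above the changed return is still debug-only, so in a release build any sample rate falls through to the ternary and gets 512 or 1024 without validation. If callers can supply a rate outside that range, this needs a runtime check in the same style as the one added in HRTFKernel.cpp. Minor points: `88200.0` would read better as `2 * 44100` or a named constant so it visibly matches the comment "at least double this", and the ASSERT mixes the integer literal `44100` with `96000.0`.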