-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Security hardening for SincResampler
https://bugs.webkit.org/show_bug.cgi?id=261317 rdar://105650262 Reviewed by David Kilzer and Darin Adler. Do security hardening for SincResampler as we have evidence that we're getting the logic wrong in some cases and doing a heap-buffer overflow WRITE. This patch updates SincResampler to use `std::span<float>` instead of `float*` and to leverage new memcpySpans() / memsetSpan() functions I added to WTF. This had several benefits: - Using std::span means we don't lose tracks of our buffer bounds so we can do extra bounds checks. - We benefit from std::span's bounds checks too which are already enabled on trunk via `-D_LIBCPP_ENABLE_ASSERTIONS=1`. Those checks apply to subspan() and operator[] in particular, both of which are used by SincResampler. * Source/WTF/WTF.xcodeproj/project.pbxproj: * Source/WTF/wtf/Algorithms.h:. (WTF::memcpySpans): (WTF::memsetSpan): * Source/WebCore/platform/audio/AudioArray.h: (WebCore::AudioArray::toSpan): (WebCore::AudioArray::toSpan const): * Source/WebCore/platform/audio/AudioBus.cpp: (WebCore::AudioBus::createBySampleRateConverting): * Source/WebCore/platform/audio/AudioChannel.h: * Source/WebCore/platform/audio/MultiChannelResampler.cpp: (WebCore::MultiChannelResampler::process): (WebCore::MultiChannelResampler::provideInputForChannel): * Source/WebCore/platform/audio/MultiChannelResampler.h: * Source/WebCore/platform/audio/SincResampler.cpp: (WebCore::SincResampler::SincResampler): (WebCore::SincResampler::updateRegions): (WebCore::SincResampler::processBuffer): (WebCore::SincResampler::process): * Source/WebCore/platform/audio/SincResampler.h: Canonical link: https://commits.webkit.org/265870.537@safari-7616-branch
- Loading branch information
1 parent
e2a2dcf
commit 2e71064
Showing
8 changed files
with
87 additions
and
59 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters