From c16c8e0871b7055c834aa9bebedc9ea6ed377991 Mon Sep 17 00:00:00 2001
From: Shravan Narayan <shravanrn@gmail.com>
Date: Mon, 13 May 2024 20:40:24 +0000
Subject: [PATCH] Bug 1894110 - Graceful failure path for soundtouch sandbox
 creation failure r=glandium,media-playback-reviewers,padenot

Differential Revision: https://phabricator.services.mozilla.com/D208947
---
 config/external/lgpllibs/lgpllibs.symbols     |  1 +
 dom/media/AudioStream.cpp                     |  7 +++++-
 .../mediasink/AudioDecoderInputTrack.cpp      |  3 +++
 media/libsoundtouch/src/RLBoxSoundTouch.cpp   | 24 ++++++++++++++-----
 media/libsoundtouch/src/RLBoxSoundTouch.h     |  3 +++
 5 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/config/external/lgpllibs/lgpllibs.symbols b/config/external/lgpllibs/lgpllibs.symbols
index 2d7c36dae2e4..18a08bd62d4f 100644
--- a/config/external/lgpllibs/lgpllibs.symbols
+++ b/config/external/lgpllibs/lgpllibs.symbols
@@ -7,6 +7,7 @@ _ZN7mozilla15RLBoxSoundTouch13setSampleRateEj
 _ZN7mozilla15RLBoxSoundTouch14receiveSamplesEPfj
 _ZN7mozilla15RLBoxSoundTouch18resizeSampleBufferEj
 _ZN7mozilla15RLBoxSoundTouch21numUnprocessedSamplesEv
+_ZN7mozilla15RLBoxSoundTouch4InitEv
 _ZN7mozilla15RLBoxSoundTouch5flushEv
 _ZN7mozilla15RLBoxSoundTouch7setRateEd
 _ZN7mozilla15RLBoxSoundTouch8setPitchEd
diff --git a/dom/media/AudioStream.cpp b/dom/media/AudioStream.cpp
index bb0248d942af..c01024ab5621 100644
--- a/dom/media/AudioStream.cpp
+++ b/dom/media/AudioStream.cpp
@@ -168,7 +168,12 @@ size_t AudioStream::SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const {
 nsresult AudioStream::EnsureTimeStretcherInitialized() {
   AssertIsOnAudioThread();
   if (!mTimeStretcher) {
-    mTimeStretcher = new RLBoxSoundTouch();
+    auto timestretcher = MakeUnique<RLBoxSoundTouch>();
+    if (!timestretcher || !timestretcher->Init()) {
+      return NS_ERROR_FAILURE;
+    }
+    mTimeStretcher = timestretcher.release();
+
     mTimeStretcher->setSampleRate(mAudioClock.GetInputRate());
     mTimeStretcher->setChannels(mOutChannels);
     mTimeStretcher->setPitch(1.0);
diff --git a/dom/media/mediasink/AudioDecoderInputTrack.cpp b/dom/media/mediasink/AudioDecoderInputTrack.cpp
index 50555256e722..611fb71c3959 100644
--- a/dom/media/mediasink/AudioDecoderInputTrack.cpp
+++ b/dom/media/mediasink/AudioDecoderInputTrack.cpp
@@ -621,6 +621,9 @@ void AudioDecoderInputTrack::EnsureTimeStretcher() {
   AssertOnGraphThread();
   if (!mTimeStretcher) {
     mTimeStretcher = new RLBoxSoundTouch();
+    MOZ_RELEASE_ASSERT(mTimeStretcher);
+    MOZ_RELEASE_ASSERT(mTimeStretcher->Init());
+
     mTimeStretcher->setSampleRate(Graph()->GraphRate());
     mTimeStretcher->setChannels(GetChannelCountForTimeStretcher());
     mTimeStretcher->setPitch(1.0);
diff --git a/media/libsoundtouch/src/RLBoxSoundTouch.cpp b/media/libsoundtouch/src/RLBoxSoundTouch.cpp
index 2c5fca2bad64..0392ee21b2a4 100644
--- a/media/libsoundtouch/src/RLBoxSoundTouch.cpp
+++ b/media/libsoundtouch/src/RLBoxSoundTouch.cpp
@@ -10,24 +10,36 @@ using namespace rlbox;
 using namespace mozilla;
 using namespace soundtouch;
 
-RLBoxSoundTouch::RLBoxSoundTouch() {
+RLBoxSoundTouch::RLBoxSoundTouch() {}
+
+bool RLBoxSoundTouch::Init() {
 #ifdef MOZ_WASM_SANDBOXING_SOUNDTOUCH
-  mSandbox.create_sandbox(true /* infallible */);
+  const bool success = mSandbox.create_sandbox(false /* infallible */);
 #else
+  const bool success = true;
   mSandbox.create_sandbox();
 #endif
+
+  if (!success){
+    return false;
+  }
+
   mTimeStretcher = mSandbox.invoke_sandbox_function(createSoundTouchObj);
 
   // Allocate buffer in sandbox to receive samples.
   mSampleBuffer = mSandbox.malloc_in_sandbox<AudioDataValue>(mSampleBufferSize);
   MOZ_RELEASE_ASSERT(mSampleBuffer);
+  mCreated = true;
+  return true;
 }
 
 RLBoxSoundTouch::~RLBoxSoundTouch() {
-  mSandbox.free_in_sandbox(mSampleBuffer);
-  mSandbox.invoke_sandbox_function(destroySoundTouchObj, mTimeStretcher);
-  mTimeStretcher = nullptr;
-  mSandbox.destroy_sandbox();
+  if (mCreated) {
+    mSandbox.free_in_sandbox(mSampleBuffer);
+    mSandbox.invoke_sandbox_function(destroySoundTouchObj, mTimeStretcher);
+    mTimeStretcher = nullptr;
+    mSandbox.destroy_sandbox();
+  }
 }
 
 void RLBoxSoundTouch::setSampleRate(uint aRate) {
diff --git a/media/libsoundtouch/src/RLBoxSoundTouch.h b/media/libsoundtouch/src/RLBoxSoundTouch.h
index fae43af7b83b..bb5889082677 100644
--- a/media/libsoundtouch/src/RLBoxSoundTouch.h
+++ b/media/libsoundtouch/src/RLBoxSoundTouch.h
@@ -48,6 +48,8 @@ class RLBoxSoundTouch {
   RLBOX_SOUNDTOUCH_API
   RLBoxSoundTouch();
   RLBOX_SOUNDTOUCH_API
+  bool Init();
+  RLBOX_SOUNDTOUCH_API
   ~RLBoxSoundTouch();
 
   RLBOX_SOUNDTOUCH_API
@@ -76,6 +78,7 @@ class RLBoxSoundTouch {
   void flush();
 
  private:
+  bool mCreated{false};
   uint mChannels{0};
   rlbox_sandbox_soundtouch mSandbox;
   tainted_soundtouch<mozilla::AudioDataValue*> mSampleBuffer{nullptr};