[alsa-devel] [PATCH] pcm: dshare: Fix overflow when slave_hw_ptr rolls over boundary
Brendan Shanks
brendan.shanks at teradek.com
Mon Feb 11 20:51:26 CET 2019
In snd_pcm_dshare_sync_area() when 'slave_hw_ptr' rolls over
'slave_boundary', the wrong variable is checked ('dshare->slave_hw_ptr' vs
the local 'slave_hw_ptr'). In some cases, this results in 'slave_hw_ptr'
not rolling over correctly. 'slave_size' and 'size' are then much too
large, and the for loop blocks for several minutes copying samples.
This was likely only triggered on 32-bit systems, since the PCM boundary
is computed based on LONG_MAX and is much larger on 64-bit systems.
This same change was made to pcm_dmix in commit
6c7f60f7a982fdba828e4530a9d7aa0aa2b704ae ("Fix boundary overlap”) from
June 2005.
Signed-off-by: Brendan Shanks <brendan.shanks at teradek.com>
diff --git a/src/pcm/pcm_dshare.c b/src/pcm/pcm_dshare.c
index 2bb735fe..f135b5df 100644
--- a/src/pcm/pcm_dshare.c
+++ b/src/pcm/pcm_dshare.c
@@ -121,7 +121,7 @@ static void snd_pcm_dshare_sync_area(snd_pcm_t *pcm)
*/
slave_hw_ptr -= slave_hw_ptr % dshare->slave_period_size;
slave_hw_ptr += dshare->slave_buffer_size;
- if (dshare->slave_hw_ptr > dshare->slave_boundary)
+ if (slave_hw_ptr >= dshare->slave_boundary)
slave_hw_ptr -= dshare->slave_boundary;
if (slave_hw_ptr < dshare->slave_appl_ptr)
slave_size = slave_hw_ptr + (dshare->slave_boundary - dshare->slave_appl_ptr);
--
2.17.1
More information about the Alsa-devel
mailing list