mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2025-10-29 05:40:27 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

modules: clamp input offset and size

Browse source 
So that we don't cause memory errors with invalid input.
This commit is contained in:
Wim Taymans 2022-06-04 11:47:48 +02:00
parent 24ba3f4d92
commit 0f839c7b61
10 changed files with 96 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/modules/module-pulse-tunnel.c
View file

@ -246,7 +246,7 @@ static void playback_stream_process(void *d)
struct pw_buffer *buf;
struct spa_data *bd;
int32_t filled;
uint32_t write_index, size;
uint32_t write_index, offs, size;
if ((buf = pw_stream_dequeue_buffer(impl->stream)) == NULL) {
pw_log_debug("out of buffers: %m");
@ -254,7 +254,9 @@ static void playback_stream_process(void *d)
}
bd = &buf->buffer->datas[0];
size = SPA_MIN(bd->chunk->size, RINGBUFFER_SIZE);
offs = SPA_MIN(bd->chunk->offset, bd->maxsize);
size = SPA_MIN(bd->chunk->size, bd->maxsize - offs);
size = SPA_MIN(size, RINGBUFFER_SIZE);
filled = spa_ringbuffer_get_write_index(&impl->ring, &write_index);
@ -281,8 +283,8 @@ static void playback_stream_process(void *d)
}
spa_ringbuffer_write_data(&impl->ring,
impl->buffer, RINGBUFFER_SIZE,
write_index & RINGBUFFER_MASK,
SPA_PTROFF(bd->data, bd->chunk->offset, void),
write_index & RINGBUFFER_MASK,
SPA_PTROFF(bd->data, offs, void),
size);
write_index += size;
spa_ringbuffer_write_update(&impl->ring, write_index);