From 52281b9a7e63078cc6936bcd891dea1e5d7efa38 Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Wed, 13 Jul 2022 09:37:01 +0200
Subject: [PATCH] alsa: check the offset against the size of the buffer

We need to check the last offset against the size of the buffer, not the
remaining size in the buffer.

When the writing is split, this could cause the buffer to be reused
wrongly.

See #2536
---
 spa/plugins/alsa/alsa-pcm.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/spa/plugins/alsa/alsa-pcm.c b/spa/plugins/alsa/alsa-pcm.c
index 7ff4edb37..31fdf7cbc 100644
--- a/spa/plugins/alsa/alsa-pcm.c
+++ b/spa/plugins/alsa/alsa-pcm.c
@@ -1971,13 +1971,14 @@ again:
 		size_t n_bytes, n_frames;
 		struct buffer *b;
 		struct spa_data *d;
-		uint32_t i, offs, size;
+		uint32_t i, offs, size, last_offset;
 
 		b = spa_list_first(&state->ready, struct buffer, link);
 		d = b->buf->datas;
 
 		offs = d[0].chunk->offset + state->ready_offset;
-		size = d[0].chunk->size - state->ready_offset;
+		last_offset = d[0].chunk->size;
+		size = last_offset - state->ready_offset;
 
 		offs = SPA_MIN(offs, d[0].maxsize);
 		size = SPA_MIN(d[0].maxsize - offs, size);
@@ -2003,7 +2004,7 @@ again:
 
 		state->ready_offset += n_bytes;
 
-		if (state->ready_offset >= size) {
+		if (state->ready_offset >= last_offset) {
 			spa_list_remove(&b->link);
 			SPA_FLAG_SET(b->flags, BUFFER_FLAG_OUT);
 			state->io->buffer_id = b->id;