The expression `VBAN_PROTOCOL_SERIAL | vban_BPSList[14]` is assigned
to an 8 bit field of the header, but, `vban_BPSList[14]` being
115200, it does not fit. Instead, its index, 14, should be
placed in the header.
In addition to fixing the issue, add `-Werror=constant-conversion`,
and clang diagnostic that catches such issues.
Fixes: 1a5514e5cf ("module-vban: create streams per stream_name")
The value is used when a the format changes in handle_format_change(),
and while it seems this was typically expected to happen async and thus
protected by the thread lock, there are cases (such as with
auto-port-config) where a param might be set within the
pw_stream_connect() call itself (in the case of auto-port-config, by the
impl_init() of the audioadapter).
Since fc49c1697a ("context: improve negotiation") it is possible
that the out parameter `format` will be set to `filter`. However,
`filter` is a SPA POD from the local SPA POD builder `fb`, which
references the local buffer `fbuf`.
In those cases, if the callers then make use of the returned SPA POD,
a stack use-after-free happens, such as the one displayed below.
The issue could be reliably triggered by executing the `video-play`
example program, and then trying to use the same camera in firefox.
As seen below, the input node, firefox's, provides no format preference,
causing the output format to be used. Previously, this had led
to the use-after-free described above.
pw.link | [impl-link.c: 130 link_update_state()] (46.0.1 -> 114.0.0) init -> negotiating (paused-configure)
pw.context | [ context.c: 935 pw_context_find_format()] 0x51e000000080: finding best format 3 1
pw.context | [ context.c: 943 pw_context_find_format()] 0x51e000000080: states 3 1
pw.context | [ context.c: 958 pw_context_find_format()] 0x51e000000080: Got output format:
pw.context | [ context.c: 959 pw_context_find_format()] video/raw
pw.context | [ context.c: 959 pw_context_find_format()] format : (Id) YUY2
pw.context | [ context.c: 959 pw_context_find_format()] size : (Rectangle) 640x480
pw.context | [ context.c: 959 pw_context_find_format()] framerate : (Fraction) 30/1
pw.context | [ context.c: 966 pw_context_find_format()] 0x51e000000080: no input format filter, using output format: Success
=================================================================
==418404==ERROR: AddressSanitizer: stack-use-after-return on address 0x73993ee46200 at pc 0x739941d31020 bp 0x7fff526b4670 sp 0x7fff526b4660
READ of size 4 at 0x73993ee46200 thread T0
#0 0x739941d3101f in spa_pod_builder_raw ../spa/include/spa/pod/builder.h:150
#1 0x739941d3b35d in do_negotiate ../src/pipewire/impl-link.c:294
#2 0x739941d46214 in check_states ../src/pipewire/impl-link.c:727
#3 0x739941f14405 in process_work_queue ../src/pipewire/work-queue.c:64
#4 0x73993d0dbe99 in source_event_func ../spa/plugins/support/loop.c:894
#5 0x73993d0d6881 in loop_iterate ../spa/plugins/support/loop.c:727
#6 0x739941d76b05 in spa_loop_control_enter ../spa/include/spa/support/loop.h:264
#7 0x739941d76d93 in spa_loop_control_leave ../spa/include/spa/support/loop.h:268
#8 0x739941d78946 in pw_main_loop_quit ../src/pipewire/main-loop.c:109
#9 0x5a64b3cb1cec in main ../src/daemon/pipewire.c:130
#10 0x739940c34e07 (/usr/lib/libc.so.6+0x25e07) (BuildId: 98b3d8e0b8c534c769cb871c438b4f8f3a8e4bf3)
#11 0x739940c34ecb in __libc_start_main (/usr/lib/libc.so.6+0x25ecb) (BuildId: 98b3d8e0b8c534c769cb871c438b4f8f3a8e4bf3)
#12 0x5a64b3caf3b4 in _start (/pipewire/build/src/daemon/pipewire+0x173b4) (BuildId: f9e8403a377e28bf8bd9cf0a5b89d33f08499917)
Address 0x73993ee46200 is located in stack of thread T0 at offset 512 in frame
#0 0x739941c6ed5e in pw_context_find_format ../src/pipewire/context.c:907
This frame has 15 object(s):
[...]
[432, 480) 'fb' (line 911)
[512, 4608) 'fbuf' (line 912) <== Memory access at offset 512 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return ../spa/include/spa/pod/builder.h:150 in spa_pod_builder_raw
[...]
Fixes: fc49c1697a ("context: improve negotiation")
The EBU R128 filter measures the signal and generates LUFS control
notifications for further processing.
It also adds a plugin that can convert LUFS to a gain (based on a target
LUFS).
Also add an example filter-chain to enable the EBU R128 measurement and
how to use the results to adjust the volume dynamically.
See #2286#222#2210
When calculating the adjusted max quantum based off of max_latency, the
first multiplication can overflow uint32_t, leading to the quantum being
wrongfully clamped down.
Signed-off-by: Martin Louazel <martin.louazel@streamunlimited.com>
We increment the refcount of the loop when we hand it out. We use this
refcount to do some load balancing. In some cases we also decrease the
refcount again when the release_loop() functions is called but we only do
this in some modules. The result is that in most cases the refcount
just keeps on going up and this is misleading.
Change the refcount to a last_used timestamp and prefer to use loops
that have not been used in a while.
Fixes#4436
When not using PTP as the driver, it is possible that packet receive and
the process() callback are out of sync, meaning that the target buffer
fill level might be off by upto one ptime's worth of samples
occasionally. This would make the DLL hunt for the target rate, and
cause a constantly varying delay.
Accounting for the delta between the packet receive time and the
process() time allows us to eliminate this jitter, resulting in much
more consistent rate matching.
Use the pipewire ticks again as the clock source.
This was disabled because the v4l2 sources created bad ticks for the
graph. Now that this is improved we can enable the ticks again.
This has the advantage that simple audio playback does not drift
anymore. The only remaining problem would be timestamp drift or
discontinuities, which we don't handle here yet.
Some clocks (v4l2) don't process exactly process buffers at the given
rate/duration so mark this in the clock flags.
We need to use the nsec field in the clock to derive ticks in pw-stream
in that case to get a good clock.
Remove the check for the target rate and duration. The drivers are
supposed to update that now.
The check is a little racy because a new target could have been
configured right after the driver emitted the ready signal. In that
case we should not update the clock values but let the driver run with
the old values and let the new values become active in the next cycle.
When the driver starts, save all previous node timestamps, not just the
previous signal time.
For async nodes, uses the previous timestamps in the profiler messages
so that we get stats with 1 cycle of delay instead of bogus values
because the node is still processing.
Fixes pw-top for async nodes.
Add a filter-graph info structure with the number of inputs and outputs
in the graph definition.
Use the input/outputs to update the number of channels on the capture and
playback streams when not explicitly given. Also copy over the positions
when they match the other stream and were not explicitly specified.
Fixes#4404
If the peer announces an interlace mode then use it. Otherwise assume
that the video is not interlaced.
This also fixes a problem with caps negotiation:
If downstream reports caps with not fixated interlace mode, e.g.
"interlace-mode=(string){ progressive, interleaved, mixed }"
then without this, the caps handle_format_change() (in the pipewiresrc)
are not fixed and the source waits forever for the negotiation to
finish.
Always listen on the receive socket. Find the stream with the given
stream_name of the packet and create it if it doesn't exist.
Also take the sample-rate, channels and format from the packet
parameters instead of the config.
Fixes#4400
Make SPA plugins from all the filter-graph plugins and use the plugin
loader to load them.
Because they are not in the standard plugin path in development, add
the module dir to the plugin path for now.
