pacat: fix a memory issue

If only part of the buffer is written into stdout by stdout_callback,
the buffer_index variable is increased by the number of written bytes,
buffer_length variable is decreased while the allocated buffer size
remains the same. That suggests that the current allocated size is
calculated as (buffer_index + buffer_length). However the current
stream_read_callback implementation writes new data to the start of the
buffer and allocates too little space, so that (buffer + buffer_index +
buffer_length - 1) could actually point outside of the allocated buffer.
Denis Shulyaka 2017-07-30 23:40:19 +03:00 committed by Tanu Kaskinen
parent c2dd53f79c
commit 7ebe7b8a35


@ -251,11 +251,11 @@ static void stream_read_callback(pa_stream *s, size_t length, void *userdata) {
/* If there is a hole in the stream, we generate silence, except /* If there is a hole in the stream, we generate silence, except
* if it's a passthrough stream in which case we skip the hole. */ * if it's a passthrough stream in which case we skip the hole. */
if (data || !(flags & PA_STREAM_PASSTHROUGH)) { if (data || !(flags & PA_STREAM_PASSTHROUGH)) {
buffer = pa_xrealloc(buffer, buffer_length + length); buffer = pa_xrealloc(buffer, buffer_index + buffer_length + length);
if (data) if (data)
memcpy((uint8_t *) buffer + buffer_length, data, length); memcpy((uint8_t *) buffer + buffer_index + buffer_length, data, length);
else else
pa_silence_memory((uint8_t *) buffer + buffer_length, length, &sample_spec); pa_silence_memory((uint8_t *) buffer + buffer_index + buffer_length, length, &sample_spec);
buffer_length += length; buffer_length += length;
} }
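
Review bot: in the pa_xrealloc line, the new size buffer_index + buffer_length + length keeps the already-written prefix of buffer_index bytes allocated, so for as long as buffer_index stays non-zero the buffer carries the consumed bytes along with the pending ones on every read callback. Consider moving the pending bytes to the start first (memmove from buffer + buffer_index, then buffer_index = 0), which would let the size stay at buffer_length + length. The offset buffer_index + buffer_length is also repeated in the memcpy and pa_silence_memory calls; computing it once into a local such as uint8_t *dst would keep the three uses in sync. A one-line comment stating the invariant (allocated size equals buffer_index + buffer_length) would make the relationship with stdout_callback explicit for the next reader.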