The current code uses a pa_strbuf to construct the escaped string. This
will generate a linked list member for each character which may be very
inefficient.
This patch avoids the use of pa_strbuf by allocating a sufficiently large
string which can be filled with the output data.
pa_split_in_place() and pa_split_spaces_in_place() are modifed
to use size_t type instead of integer type.
alsa-ucm.c is revised according to this change.
Signed-off-by: Sangchul Lee <sc11.lee@samsung.com>
It is helpful to improve reproducibility build [1] since
PA_SRCDIR/PA_BUILDDIR contains build path,
--disable-running-from-build-tree could drop these macros at
precompilation.
[1] https://reproducible-builds.org/
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
This should make it easier for clients to elevate their audio threads to
real time priority without having to dig through much through specific
system internals.
set_nonblock() will always set the file descriptor to non-blocking,
regardless of the nonblock argument.
This patch fixes the issue by passing the correct argument to the
fcntl() call. The bug had no impact because there is only one caller
of pa_make_fd_block() in poll-win32.c
The get_cpuid() function in cpu-x86.c was buggy on x86-64. When building
without optimizations, the homegrown assembly code overwrote the
beginning of the function argument list on the stack. That happened to
work fine on regular x86-64, but caused crashing with the x32 ABI.
At least GCC and clang provide cpuid.h, which has the __get_cpuid()
function that can be used instead of the homegrown assembly.
The PA_REG_* constants can be removed as well, because they're not used
any more.
BugLink: https://bugs.freedesktop.org/show_bug.cgi?id=103656
PA_PAGE_SIZE using sysconf() may return a negative number
CID 1137925, CID 1137926, CID 1138485
instead of calling sysconf() directly, add function pa_page_size()
which uses the guestimate 4096 in case sysconf(_SC_PAGE_SIZE) fails
using PA_ONCE to only evaluate sysconf() once
pa_ncpu() is supposed to report the number of processors available on
the system. For that, it currently calls sysconf(_SC_NPROCESSORS_CONF).
However, since the operating system can disable individual processors,
we should call sysconf(_SC_NPROCESSORS_ONLN) to determine the number
of processors currently available [1]. Consequently, the once-test will
fail since pthread_setaffinity_np() is called with CPUs that are
currently not available.
It might also be advisable to change the code in the future to use CPU
sets on Linux as even the suggested change is not 100% safe but at least
it improves over the existing code. If PulseAudio was to be run in a CPU
set [2], the number of processors available to PulseAudio could be even
less than the number of CPUs currently online (_SC_NPROCESSORS_CONF).
[1] https://www.gnu.org/software/libc/manual/html_node/Processor-Resources.html
[2] http://man7.org/linux/man-pages/man7/cpuset.7.html
BugLink: https://bugs.freedesktop.org/show_bug.cgi?id=96809
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
From the NetBSD manual:
The first argument of these functions is of type int, but only a very
restricted subset of values are actually valid. The argument must either
be the value of the macro EOF (which has a negative value), or must be a
non-negative value within the range representable as unsigned char.
Passing invalid values leads to undefined behavior.
-- ctype(3)
Based on some googling, strtod_l() is defined in xlocale.h on BSD.
Glibc seems to define it in stdlib.h, but only if GNU extensions are
enabled (otherwise the function won't be available). So, this patch
should fix the use of strtod_l() on BSDs, but on other systems things
may or may not be still broken.
The original patch author is Jakob Fink <jfink@gmx.at>. He sent this
patch to the freebsd-gnome mailing list:
http://lists.freebsd.org/pipermail/freebsd-gnome/2015-April/032138.html
BugLink: https://bugs.freedesktop.org/show_bug.cgi?id=90285
We have no strtof_l calls in the code, so it doesn't make sense to
check that function's availability. We have one strtod_l call, so
let's check that instead.
I don't know if this change makes any practical difference. I just
wondered why we had HAVE_STRTOF_L ifdefs in core-util.c for code that
didn't use strtof_l.
Previously pa_parse_volume() clamped the value to fit in the valid
range, but I think it's better to reject values outside the valid
range.
This also changes the percentage parsing to allow non-integer values.
We don't and probably never will have any pa_atod() callers that would
require "NaN" to be accepted, so let's filter those out in pa_atod(),
instead of requiring the callers to handle not-a-numbers appropriately
(which they generally forget to do).
pa_atou(), pa_atol() and pa_atod() are stricter than the libc
counterparts (the PA functions reject strings that have trailing extra
stuff in them). I have been under the impression that the PA functions
only accept "obviously valid numbers", that is, I have assumed that
these would be rejected: " 42" (leading whitespace), "" (empty
string) and "-18446744073709551615" in case of pa_atou().
I noticed that empty strings are accepted, however, and on closer
inspection I found that leading whitespace is accepted too, and even
that pa_atou() thinks that "-18446744073709551615" is the same thing
as "1"! This patch makes the parsing functions more strict, so that
they indeed only accept "obviously valid numbers". I decided to also
disallow leading plus signs, just because I don't like them.
In src/pulsecore/core-util.c:set_nice() we currently use a temporary
dbus-connection to set the nice-level via rtkit. However, we never
close that connection. This is fine, as the connection is shared and
dbus-core will manage it. But no other part of pulseaudio (except
set_scheduler()) uses the libdbus1 managed connections. Therefore,
we effectively end up with an unused dbus-connection that is not
integrated into any main-loop. dbus-daemon will send bus-notifications
to the connection (as libdbus1 installs matches for those by default
(it has to!)) until the outgoing queue is full. Thus, we waste several
KBs (or MBs? I didn't look it up) of memory for a message queue that
is never dispatched.
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
FSF addresses used in PA sources are no longer valid and rpmlint
generates numerous warnings during packaging because of this.
This patch changes all FSF addresses to FSF web page according to
the GPL how-to: https://www.gnu.org/licenses/gpl-howto.en.html
Done automatically by sed-ing through sources.
mingw32 does not have "getuid", so ifdef it properly.
Reported-by: Michael DePaulo <mikedep333@gmail.com>
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Usually, PA will use the PULSE_SERVER X11 property instead of using XDG_RUNTIME_DIR,
so this environment variable does not matter.
If this property is not available, or if one is using the pacmd cli protocol,
the client will go ahead and call pa_make_secure_dir on XDG_RUNTIME_DIR/pulse.
This will either fail (if you're another regular user), or succeed (if you're root).
Both scenarios are bad - failing will cause the connection to fail, and succeeding
is even worse, as it can cause *other* connections to fail (as the directory
ownership has changed).
Instead fail and complain loudly.
BugLink: https://bugs.freedesktop.org/show_bug.cgi?id=83007
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
on systems lacking #defines HAVE_ACCEPT4, HAVE_PIPE2, SOCK_CLOEXEC
pulsecore/core-util.c: In function 'pa_open_cloexec':
pulsecore/core-util.c:3348:1: warning: label 'finish' defined but not used [-Wunused-label]
pulsecore/core-util.c: In function 'pa_socket_cloexec':
pulsecore/core-util.c:3370:1: warning: label 'finish' defined but not used [-Wunused-label]
pulsecore/core-util.c: In function 'pa_pipe_cloexec':
pulsecore/core-util.c:3393:1: warning: label 'finish' defined but not used [-Wunused-label]
pulsecore/core-util.c: In function 'pa_accept_cloexec':
pulsecore/core-util.c:3415:1: warning: label 'finish' defined but not used [-Wunused-label]
Signed-off-by: Peter Meerwald <pmeerw@pmeerw.net>
Initially (in commit ef422fa4ae),
pa_make_secure_dir followed a simple principle: "make a directory, or,
if it exists, check that it is suitable". Later this evolved into "make
a directory, or, if it exists, ensure that it is suitable". But the
check remained.
The check is now neither sufficient nor necessary. On POSIX-compliant
systems, the fstat results being checked are actually post-conditions of
fchmod and fchown. And on systems implementing POSIX ACLs, fstat only
reflects a part of the information relevant to the security of the
directory permissions, so PulseAudio could accept an existing insecure
directory anyway.
Also, the check still fires on non-POSIX-compliant filesystems like CIFS.
As a user cannot do anything to fix it, just accept insecure permissions
in this case.
set_scheduler() assumes that if sys/resource.h was found then we will
find RLIMIT_RTTIME there, but this is a non-POSIX extension on Linux.
Change the check to ensure that RLIMIT_RTTIME is actually defined.
Linux indeed defines this as a macro, and POSIX specifies that the other
RLIMIT_ constants must be macros, so having this as an #ifdef seems
correct.
This reverts commit c327850d9e as
the workaround in that commit is no longer needed after the real
bug has been fixed.
Conflicts:
src/pulsecore/core-util.c
Commit 7e344b5 hade the side effect of forcing every socket to
be non-blocking on Windows. This is because of a (documented)
side effect of WSAEventSelect(). So we need to make sure to restore
blocking behaviour afterwards for relevant sockets.
This code is from heftig, but the mistake that I'm fixing here is my
own. Before applying heftig's patch, I downgraded the level of one of
the log messages. I managed to downgrade a different message than what
I intended, so now I'm undoing that mistake.
