From: Brendan Shanks <brendan.shanks@teradek.com>
Date: Mon, 11 Feb 2019 19:51:26 +0000 (-0800)
Subject: pcm: dshare: Fix overflow when slave_hw_ptr rolls over boundary
X-Git-Tag: v1.1.9~22
X-Git-Url: https://git.alsa-project.org/?a=commitdiff_plain;h=7cea8c156204ebae7c0dc60801dde5ddfa5bb7d0;p=alsa-lib.git

pcm: dshare: Fix overflow when slave_hw_ptr rolls over boundary

In snd_pcm_dshare_sync_area() when 'slave_hw_ptr' rolls over
'slave_boundary', the wrong variable is checked ('dshare->slave_hw_ptr' vs
the local 'slave_hw_ptr'). In some cases, this results in 'slave_hw_ptr'
not rolling over correctly. 'slave_size' and 'size' are then much too
large, and the for loop blocks for several minutes copying samples.

This was likely only triggered on 32-bit systems, since the PCM boundary
is computed based on LONG_MAX and is much larger on 64-bit systems.

This same change was made to pcm_dmix in commit
6c7f60f7a982fdba828e4530a9d7aa0aa2b704ae ("Fix boundary overlap”) from
June 2005.

Signed-off-by: Brendan Shanks <brendan.shanks@teradek.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---

diff --git a/src/pcm/pcm_dshare.c b/src/pcm/pcm_dshare.c
index 2bb735fe..f135b5df 100644
--- a/src/pcm/pcm_dshare.c
+++ b/src/pcm/pcm_dshare.c
@@ -121,7 +121,7 @@ static void snd_pcm_dshare_sync_area(snd_pcm_t *pcm)
 	 */
 	slave_hw_ptr -= slave_hw_ptr % dshare->slave_period_size;
 	slave_hw_ptr += dshare->slave_buffer_size;
-	if (dshare->slave_hw_ptr > dshare->slave_boundary)
+	if (slave_hw_ptr >= dshare->slave_boundary)
 		slave_hw_ptr -= dshare->slave_boundary;
 	if (slave_hw_ptr < dshare->slave_appl_ptr)
 		slave_size = slave_hw_ptr + (dshare->slave_boundary - dshare->slave_appl_ptr);