From 7cea8c156204ebae7c0dc60801dde5ddfa5bb7d0 Mon Sep 17 00:00:00 2001
From: Brendan Shanks <brendan.shanks@teradek.com>
Date: Mon, 11 Feb 2019 11:51:26 -0800
Subject: [PATCH] pcm: dshare: Fix overflow when slave_hw_ptr rolls over
 boundary
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

In snd_pcm_dshare_sync_area() when 'slave_hw_ptr' rolls over
'slave_boundary', the wrong variable is checked ('dshare->slave_hw_ptr' vs
the local 'slave_hw_ptr'). In some cases, this results in 'slave_hw_ptr'
not rolling over correctly. 'slave_size' and 'size' are then much too
large, and the for loop blocks for several minutes copying samples.

This was likely only triggered on 32-bit systems, since the PCM boundary
is computed based on LONG_MAX and is much larger on 64-bit systems.

This same change was made to pcm_dmix in commit
6c7f60f7a982fdba828e4530a9d7aa0aa2b704ae ("Fix boundary overlap”) from
June 2005.

Signed-off-by: Brendan Shanks <brendan.shanks@teradek.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
 src/pcm/pcm_dshare.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pcm/pcm_dshare.c b/src/pcm/pcm_dshare.c
index 2bb735fe..f135b5df 100644
--- a/src/pcm/pcm_dshare.c
+++ b/src/pcm/pcm_dshare.c
@@ -121,7 +121,7 @@ static void snd_pcm_dshare_sync_area(snd_pcm_t *pcm)
 	 */
 	slave_hw_ptr -= slave_hw_ptr % dshare->slave_period_size;
 	slave_hw_ptr += dshare->slave_buffer_size;
-	if (dshare->slave_hw_ptr > dshare->slave_boundary)
+	if (slave_hw_ptr >= dshare->slave_boundary)
 		slave_hw_ptr -= dshare->slave_boundary;
 	if (slave_hw_ptr < dshare->slave_appl_ptr)
 		slave_size = slave_hw_ptr + (dshare->slave_boundary - dshare->slave_appl_ptr);
-- 
2.47.1