aboutsummaryrefslogtreecommitdiff
path: root/audio
diff options
context:
space:
mode:
authorVolker RĂ¼melin <vr_qemu@t-online.de>2020-01-23 08:49:43 +0100
committerGerd Hoffmann <kraxel@redhat.com>2020-01-31 08:49:48 +0100
commit599eac4e5a41e828645594097daee39373acc3c0 (patch)
treeafecef2517630c09444ca2b40083248d3a0070f8 /audio
parentf03cd06814ab282196165808c01d4433773a6e0f (diff)
downloadqemu-599eac4e5a41e828645594097daee39373acc3c0.zip
qemu-599eac4e5a41e828645594097daee39373acc3c0.tar.gz
qemu-599eac4e5a41e828645594097daee39373acc3c0.tar.bz2
audio: audio_generic_get_buffer_in should honor *size
The function generic_get_buffer_in currently ignores the *size parameter and may return a buffer larger than *size. As a result the variable samples in function audio_pcm_hw_run_in may underflow. The while loop then most likely will never termiate. Buglink: http://bugs.debian.org/948658 Signed-off-by: Volker RĂ¼melin <vr_qemu@t-online.de> Message-Id: <20200123074943.6699-9-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'audio')
-rw-r--r--audio/audio.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/audio/audio.c b/audio/audio.c
index b686429..f985940 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -1407,7 +1407,8 @@ void *audio_generic_get_buffer_in(HWVoiceIn *hw, size_t *size)
}
assert(start >= 0 && start < hw->size_emul);
- *size = MIN(hw->pending_emul, hw->size_emul - start);
+ *size = MIN(*size, hw->pending_emul);
+ *size = MIN(*size, hw->size_emul - start);
return hw->buf_emul + start;
}