ALSA: pcm: oss: Fix regression by buffer overflow fix (ae769d35) · Commits · 戴 / test

sound/core/oss/pcm_plugin.c

+24 −8

Original line number	Diff line number	Diff line
		@@ -196,7 +196,9 @@ int snd_pcm_plugin_free(struct snd_pcm_plugin *plugin)
		return 0;
		}

		snd_pcm_sframes_t snd_pcm_plug_client_size(struct snd_pcm_substream *plug, snd_pcm_uframes_t drv_frames)
		static snd_pcm_sframes_t plug_client_size(struct snd_pcm_substream *plug,
		snd_pcm_uframes_t drv_frames,
		bool check_size)
		{
		struct snd_pcm_plugin plugin, plugin_prev, *plugin_next;
		int stream;
		@@ -209,7 +211,7 @@ snd_pcm_sframes_t snd_pcm_plug_client_size(struct snd_pcm_substream *plug, snd_p
		if (stream == SNDRV_PCM_STREAM_PLAYBACK) {
		plugin = snd_pcm_plug_last(plug);
		while (plugin && drv_frames > 0) {
		if (drv_frames > plugin->buf_frames)
		if (check_size && drv_frames > plugin->buf_frames)
		drv_frames = plugin->buf_frames;
		plugin_prev = plugin->prev;
		if (plugin->src_frames)
		@@ -222,7 +224,7 @@ snd_pcm_sframes_t snd_pcm_plug_client_size(struct snd_pcm_substream *plug, snd_p
		plugin_next = plugin->next;
		if (plugin->dst_frames)
		drv_frames = plugin->dst_frames(plugin, drv_frames);
		if (drv_frames > plugin->buf_frames)
		if (check_size && drv_frames > plugin->buf_frames)
		drv_frames = plugin->buf_frames;
		plugin = plugin_next;
		}
		@@ -231,7 +233,9 @@ snd_pcm_sframes_t snd_pcm_plug_client_size(struct snd_pcm_substream *plug, snd_p
		return drv_frames;
		}

		snd_pcm_sframes_t snd_pcm_plug_slave_size(struct snd_pcm_substream *plug, snd_pcm_uframes_t clt_frames)
		static snd_pcm_sframes_t plug_slave_size(struct snd_pcm_substream *plug,
		snd_pcm_uframes_t clt_frames,
		bool check_size)
		{
		struct snd_pcm_plugin plugin, plugin_prev, *plugin_next;
		snd_pcm_sframes_t frames;
		@@ -252,14 +256,14 @@ snd_pcm_sframes_t snd_pcm_plug_slave_size(struct snd_pcm_substream *plug, snd_pc
		if (frames < 0)
		return frames;
		}
		if (frames > plugin->buf_frames)
		if (check_size && frames > plugin->buf_frames)
		frames = plugin->buf_frames;
		plugin = plugin_next;
		}
		} else if (stream == SNDRV_PCM_STREAM_CAPTURE) {
		plugin = snd_pcm_plug_last(plug);
		while (plugin) {
		if (frames > plugin->buf_frames)
		if (check_size && frames > plugin->buf_frames)
		frames = plugin->buf_frames;
		plugin_prev = plugin->prev;
		if (plugin->src_frames) {
		@@ -274,6 +278,18 @@ snd_pcm_sframes_t snd_pcm_plug_slave_size(struct snd_pcm_substream *plug, snd_pc
		return frames;
		}

		snd_pcm_sframes_t snd_pcm_plug_client_size(struct snd_pcm_substream *plug,
		snd_pcm_uframes_t drv_frames)
		{
		return plug_client_size(plug, drv_frames, false);
		}

		snd_pcm_sframes_t snd_pcm_plug_slave_size(struct snd_pcm_substream *plug,
		snd_pcm_uframes_t clt_frames)
		{
		return plug_slave_size(plug, clt_frames, false);
		}

		static int snd_pcm_plug_formats(const struct snd_mask *mask,
		snd_pcm_format_t format)
		{
		@@ -630,7 +646,7 @@ snd_pcm_sframes_t snd_pcm_plug_write_transfer(struct snd_pcm_substream *plug, st
		src_channels = dst_channels;
		plugin = next;
		}
		return snd_pcm_plug_client_size(plug, frames);
		return plug_client_size(plug, frames, true);
		}

		snd_pcm_sframes_t snd_pcm_plug_read_transfer(struct snd_pcm_substream plug, struct snd_pcm_plugin_channel dst_channels_final, snd_pcm_uframes_t size)
		@@ -640,7 +656,7 @@ snd_pcm_sframes_t snd_pcm_plug_read_transfer(struct snd_pcm_substream *plug, str
		snd_pcm_sframes_t frames = size;
		int err;

		frames = snd_pcm_plug_slave_size(plug, frames);
		frames = plug_slave_size(plug, frames, true);
		if (frames < 0)
		return frames;

Admin message