patch #1255805 by Frederic Devernay - fix to buffer overflow in dsp.c

git-svn-id: svn://svn.rockbox.org/rockbox/trunk@7301 a1c6a512-1295-4272-9138-f99709370657
author: Linus Nielsen Feltzing <linus@haxx.se> 2005-08-10 23:17:55 +0000
committer: Linus Nielsen Feltzing <linus@haxx.se> 2005-08-10 23:17:55 +0000
commit: 591d2890f11e5e9a2e762496486982ad222e25cb (patch)
tree: 78f3320f266f141898f07ecbbd81f0058ecf036a /apps/playback.c
parent: 064c7afb6363f681b4082998beb5ee36a6fff22a (diff)
download: rockbox-591d2890f11e5e9a2e762496486982ad222e25cb.tar.gz
rockbox-591d2890f11e5e9a2e762496486982ad222e25cb.zip
1 files changed, 11 insertions, 3 deletions
diff --git a/apps/playback.c b/apps/playback.c
index 526fff376b..fb8232012e 100644
--- a/apps/playback.c
+++ b/apps/playback.c
@@ -196,12 +196,20 @@ bool codec_pcmbuf_insert_split_callback(void *ch1, void *ch2,
            yield();
        }
+        /* Get the real input_size for output_size bytes, guarding
+         * against resampling buffer overflows. */
        input_size = dsp_input_size(output_size);
-        /* Guard against rounding errors (output_size can be too large). */
+        if (input_size > length) {
-        input_size = MIN(input_size, length);
+            DEBUGF("Error: dsp_input_size(%ld=dsp_output_size(%ld))=%ld > %ld\n",
+                   output_size, length, input_size, length);
+            input_size = length;
+        }
+        
        if (input_size <= 0) {
            pcmbuf_flush_buffer(0);
+            DEBUGF("Warning: dsp_input_size(%ld=dsp_output_size(%ld))=%ld <= 0\n",
+                   output_size, length, input_size);
+            /* should we really continue, or should we break? */
            continue;
        }
author	Linus Nielsen Feltzing <linus@haxx.se>	2005-08-10 23:17:55 +0000
committer	Linus Nielsen Feltzing <linus@haxx.se>	2005-08-10 23:17:55 +0000
commit	591d2890f11e5e9a2e762496486982ad222e25cb (patch)
tree	78f3320f266f141898f07ecbbd81f0058ecf036a /apps/playback.c
parent	064c7afb6363f681b4082998beb5ee36a6fff22a (diff)
download	rockbox-591d2890f11e5e9a2e762496486982ad222e25cb.tar.gz rockbox-591d2890f11e5e9a2e762496486982ad222e25cb.zip

diff --git a/apps/playback.c b/apps/playback.c index 526fff376b..fb8232012e 100644 --- a/apps/playback.c +++ b/apps/playback.c
@@ -196,12 +196,20 @@ bool codec_pcmbuf_insert_split_callback(void ch1, void ch2,
196	yield();	196	yield();
197	}	197	}
198		198
		199	/* Get the real input_size for output_size bytes, guarding
		200	* against resampling buffer overflows. */
199	input_size = dsp_input_size(output_size);	201	input_size = dsp_input_size(output_size);
200	/* Guard against rounding errors (output_size can be too large). */	202	if (input_size > length) {
201	input_size = MIN(input_size, length);	203	DEBUGF("Error: dsp_input_size(%ld=dsp_output_size(%ld))=%ld > %ld\n",
202		204	output_size, length, input_size, length);
		205	input_size = length;
		206	}
		207
203	if (input_size <= 0) {	208	if (input_size <= 0) {
204	pcmbuf_flush_buffer(0);	209	pcmbuf_flush_buffer(0);
		210	DEBUGF("Warning: dsp_input_size(%ld=dsp_output_size(%ld))=%ld <= 0\n",
		211	output_size, length, input_size);
		212	/* should we really continue, or should we break? */
205	continue;	213	continue;
206	}	214	}
207		215