[PATCH 12/12] audio: prevent an integer overflow in resampling code

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: "Volker Rümelin" <vr_qemu@t-online.de>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: [PATCH 12/12] audio: prevent an integer overflow in resampling code
Date: Fri, 23 Sep 2022 20:36:40 +0200	[thread overview]
Message-ID: <20220923183640.8314-12-vr_qemu@t-online.de> (raw)
In-Reply-To: <38d7417a-fc26-be39-6a63-99c79ee15fc9@t-online.de>

There are corner cases where rate->opos can overflow. For
example, if QEMU is started with -audiodev pa,id=audio0,
out.frequency=11025 -device ich9-intel-hda -device hda-duplex,
audiodev=audio0 and the guest plays audio with a sampling
frequency of 44100Hz, rate->opos will overflow after 27.05h
and the audio stream will be silent for a long time.

To prevent a rate->opos and also a rate->ipos overflow, both
are wrapped around after a short time. The wrap around point
rate->ipos >= 0x10001 is an arbitrarily selected value and can
be any small value, 0 and 1 included.

The comment that an ipos overflow will result in an infinite
loop has been removed, because in this case the resampling code
only generates no more output samples and the audio stream stalls.
However, there is no infinite loop.

Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
---
 audio/rate_template.h | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/audio/rate_template.h b/audio/rate_template.h
index f94c940c61..b432719ebb 100644
--- a/audio/rate_template.h
+++ b/audio/rate_template.h
@@ -72,11 +72,6 @@ void NAME (void *opaque, struct st_sample *ibuf, struct st_sample *obuf,
             ilast = *ibuf++;
             rate->ipos++;

-            /* if ipos overflow, there is  a infinite loop */
-            if (rate->ipos == 0xffffffff) {
-                rate->ipos = 1;
-                rate->opos = rate->opos & 0xffffffff;
-            }
             /* See if we finished the input buffer yet */
             if (ibuf >= iend) {
                 goto the_end;
@@ -85,6 +80,12 @@ void NAME (void *opaque, struct st_sample *ibuf, struct st_sample *obuf,

         icur = *ibuf;

+        /* wrap ipos and opos around long before they overflow */
+        if (rate->ipos >= 0x10001) {
+            rate->ipos = 1;
+            rate->opos &= 0xffffffff;
+        }
+
         /* interpolate */
 #ifdef FLOAT_MIXENG
 #ifdef RECIPROCAL
-- 
2.35.3

next prev parent reply	other threads:[~2022-09-23 18:58 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-23 18:34 [PATCH 00/12] audio: misc. improvements and bug fixes Volker Rümelin
2022-09-23 18:36 ` [PATCH 01/12] audio: refactor code in audio_run_out() Volker Rümelin
2022-09-27 11:54   ` Marc-André Lureau
2022-09-23 18:36 ` [PATCH 02/12] audio: fix GUS audio playback with out.mixing-engine=off Volker Rümelin
2022-09-27 11:54   ` Marc-André Lureau
2022-09-23 18:36 ` [PATCH 03/12] audio: run downstream playback queue unconditionally Volker Rümelin
2022-09-27 11:54   ` Marc-André Lureau
2022-09-23 18:36 ` [PATCH 04/12] alsaaudio: reduce playback latency Volker Rümelin
2022-09-27 11:54   ` Marc-André Lureau
2022-09-23 18:36 ` [PATCH 05/12] audio: add more audio rate control functions Volker Rümelin
2022-09-27 11:54   ` Marc-André Lureau
2022-09-23 18:36 ` [PATCH 06/12] spiceaudio: add a pcm_ops buffer_get_free function Volker Rümelin
2022-09-27 11:54   ` Marc-André Lureau
2022-09-23 18:36 ` [PATCH 07/12] spiceaudio: update comment Volker Rümelin
2022-09-27 11:54   ` Marc-André Lureau
2022-09-23 18:36 ` [PATCH 08/12] audio: swap audio_rate_get_bytes() function parameters Volker Rümelin
2022-09-27 11:54   ` Marc-André Lureau
2022-09-23 18:36 ` [PATCH 09/12] audio: rename audio_sw_bytes_free() Volker Rümelin
2022-09-27 11:54   ` Marc-André Lureau
2022-09-23 18:36 ` [PATCH 10/12] audio: refactor audio_get_avail() Volker Rümelin
2022-09-27 11:54   ` Marc-André Lureau
2022-09-23 18:36 ` [PATCH 11/12] audio: fix sw->buf size for audio recording Volker Rümelin
2022-09-27 11:54   ` Marc-André Lureau
2022-10-01 12:08     ` Volker Rümelin
2022-09-23 18:36 ` Volker Rümelin [this message]
2022-10-11 13:31 ` [PATCH 00/12] audio: misc. improvements and bug fixes Gerd Hoffmann

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:f94c940c6 dfblob:b432719eb )
 OR (
bs:"[PATCH 12/12] audio: prevent an integer overflow in resampling code" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220923183640.8314-12-vr_qemu@t-online.de \
    --to=vr_qemu@t-online.de \
    --cc=kraxel@redhat.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).