From 6bd34156b130c07b130de10111a12ef6dab18b52 Mon Sep 17 00:00:00 2001 From: Tanu Kaskinen Date: Thu, 24 Feb 2011 16:16:43 +0200 Subject: virtual-sink: Fix a crash when moving the sink to a new master right after setup. If the virtual sink is moved to a new master right after it has been created, then the virtual sink input's memblockq can be rewound to a negative read index. The data written prior to the move starts from index zero, so after the rewind there's a bit of silence. If the memblockq doesn't have a silence memchunk set, then pa_memblockq_peek() will return zero in such case, and the returned memchunk's memblock pointer will be NULL. That scenario wasn't taken into account in the implementation of sink_input_pop_cb. Setting a silence memchunk for the memblockq solves this problem, because pa_memblock_peek() will now return a valid memblock if the read index happens to point to a hole in the memblockq. I believe this isn't the best possible solution, though. It doesn't really make sense to rewind the sink input's memblockq beyond index 0 in the first place, because now when the stream starts to play to the new master sink, there's some unnecessary silence before the actual data starts. This is a small problem, though, and I don't grok the rewinding system well enough to know how to fix this issue properly. I went through all files that call pa_memblockq_peek() to see if there are more similar bugs. play-memblockq.c was the only one that looked to me like it might be broken in the same way. I didn't try reproducing the bug with play-memblockq.c, though, so I just added a FIXME comment there. --- src/modules/rtp/rtp.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src/modules/rtp') diff --git a/src/modules/rtp/rtp.h b/src/modules/rtp/rtp.h index b197e82f..e975e750 100644 --- a/src/modules/rtp/rtp.h +++ b/src/modules/rtp/rtp.h @@ -40,6 +40,9 @@ typedef struct pa_rtp_context { } pa_rtp_context; pa_rtp_context* pa_rtp_context_init_send(pa_rtp_context *c, int fd, uint32_t ssrc, uint8_t payload, size_t frame_size); + +/* If the memblockq doesn't have a silence memchunk set, then the caller must + * guarantee that the current read index doesn't point to a hole. */ int pa_rtp_send(pa_rtp_context *c, size_t size, pa_memblockq *q); pa_rtp_context* pa_rtp_context_init_recv(pa_rtp_context *c, int fd, size_t frame_size); -- cgit