From 6bd34156b130c07b130de10111a12ef6dab18b52 Mon Sep 17 00:00:00 2001
From: Tanu Kaskinen
Date: Thu, 24 Feb 2011 16:16:43 +0200
Subject: virtual-sink: Fix a crash when moving the sink to a new master right after setup.

If the virtual sink is moved to a new master right after it has been created, then the virtual sink input's memblockq can be rewound to a negative read index. The data written prior to the move starts from index zero, so after the rewind there's a bit of silence. If the memblockq doesn't have a silence memchunk set, then pa_memblockq_peek() will return zero in such case, and the returned memchunk's memblock pointer will be NULL.

That scenario wasn't taken into account in the implementation of sink_input_pop_cb. Setting a silence memchunk for the memblockq solves this problem, because pa_memblock_peek() will now return a valid memblock if the read index happens to point to a hole in the memblockq.

I believe this isn't the best possible solution, though. It doesn't really make sense to rewind the sink input's memblockq beyond index 0 in the first place, because now when the stream starts to play to the new master sink, there's some unnecessary silence before the actual data starts. This is a small problem, though, and I don't grok the rewinding system well enough to know how to fix this issue properly.

I went through all files that call pa_memblockq_peek() to see if there are more similar bugs. play-memblockq.c was the only one that looked to me like it might be broken in the same way. I didn't try reproducing the bug with play-memblockq.c, though, so I just added a FIXME comment there.

---
src/pulsecore/play-memblockq.c | 6 ++++++
1 file changed, 6 insertions(+)
(limited to 'src/pulsecore')

diff --git a/src/pulsecore/play-memblockq.c b/src/pulsecore/play-memblockq.c index 0d6da3ee..f075a5bf 100644 --- a/src/pulsecore/play-memblockq.c +++ b/src/pulsecore/play-memblockq.c 
@@ -135,6 +135,12 @@ static int sink_input_pop_cb(pa_sink_input *i, size_t nbytes, pa_memchunk *chunk return -1; } + /* FIXME: u->memblockq doesn't have a silence memchunk set, so + * pa_memblockq_peek() will return 0 without returning any memblock if the + * read index points to a hole. If the memblockq is rewound beyond index 0, + * then there will be a hole. */ + pa_assert(chunk->memblock); + chunk->length = PA_MIN(chunk->length, nbytes); pa_memblockq_drop(u->memblockq, chunk->length); -- cgit
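Review bot: the added pa_assert(chunk->memblock) in sink_input_pop_cb turns the case the FIXME itself describes as reachable (read index on a hole after a rewind beyond index 0) into a process abort instead of handling it. The lines just above already have a failure path that ends in "return -1;", so a hole could take the same route, for example by checking "if (!chunk->memblock) return -1;" before chunk->length is clamped and pa_memblockq_drop() is called. Alternatively, give u->memblockq a silence memchunk where it is created, which is the fix the commit message describes for the virtual sink. As written, a build where the assertion is compiled out would fall through to PA_MIN and pa_memblockq_drop() and hand the caller a chunk with a NULL memblock, so the comment should also state which behaviour is intended until the FIXME is resolved.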