[vlc-commits] prefetch: do not read/write past circular buffer edge

Rémi Denis-Courmont git at videolan.org
Mon Jul 25 21:31:33 CEST 2016 

vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Mon Jul 25 22:29:07 2016 +0300| [c6d214a8abb0901cd4f70baccdfd5d73d49f1f91] | committer: Rémi Denis-Courmont

prefetch: do not read/write past circular buffer edge

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=c6d214a8abb0901cd4f70baccdfd5d73d49f1f91
---

 modules/stream_filter/prefetch.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/modules/stream_filter/prefetch.c b/modules/stream_filter/prefetch.c
index 056074e..66ddbe1 100644
--- a/modules/stream_filter/prefetch.c
+++ b/modules/stream_filter/prefetch.c
@@ -90,8 +90,14 @@ static void ThreadRead(stream_t *stream, size_t length)
     vlc_mutex_unlock(&sys->lock);
     assert(length > 0);
 
-    char *p = sys->buffer + (sys->buffer_offset % sys->buffer_size)
-                          + sys->buffer_length;
+    size_t offset = (sys->buffer_offset + sys->buffer_length)
+                    % sys->buffer_size;
+    /* Do not step past the sharp edge of the circular buffer */
+    if (offset + length > sys->buffer_size)
+        length = sys->buffer_size - offset;
+    assert(length > 0);
+
+    char *p = sys->buffer + offset;
     ssize_t val = vlc_stream_ReadPartial(stream->p_source, p, length);
 
     if (val == 0)
@@ -298,7 +304,7 @@ static size_t BufferLevel(const stream_t *stream, bool *eof)
 static ssize_t Read(stream_t *stream, void *buf, size_t buflen)
 {
     stream_sys_t *sys = stream->p_sys;
-    size_t copy;
+    size_t copy, offset;
     bool eof;
 
     if (buflen == 0)
@@ -332,10 +338,14 @@ static ssize_t Read(stream_t *stream, void *buf, size_t buflen)
         vlc_interrupt_forward_stop(data);
     }
 
-    char *p = sys->buffer + (sys->stream_offset % sys->buffer_size);
+    offset = sys->stream_offset % sys->buffer_size;
     if (copy > buflen)
         copy = buflen;
-    memcpy(buf, p, copy);
+    /* Do not step past the sharp edge of the circular buffer */
+    if (offset + copy > sys->buffer_size)
+        copy = sys->buffer_size - offset;
+
+    memcpy(buf, sys->buffer + offset, copy);
     sys->stream_offset += copy;
     vlc_cond_signal(&sys->wait_space);
     vlc_mutex_unlock(&sys->lock);

More information about the vlc-commits mailing list