[vlc-devel] [PATCH 3/4] directsound: fix a possible data read beyond the end of a buffer
Denis Charmet
typx at dinauz.org
Sat Jul 20 14:07:15 CEST 2013
Hi,
Le samedi 20 juillet 2013 à 01:50:51, Ludovic Fauvet a écrit :
> @@ -714,9 +714,13 @@ static int FillBuffer( audio_output_t *p_aout, block_t *p_buffer )
> p_sys->chans_to_reorder, p_sys->chan_table,
> p_sys->format );
>
> - memcpy( p_write_position, p_buffer->p_buffer, l_bytes1 );
> + i_size = ( p_buffer->i_buffer < l_bytes1 ) ? p_buffer->i_buffer : l_bytes1;
> + memcpy( p_write_position, p_buffer->p_buffer, i_size );
> if( l_bytes1 < p_buffer->i_buffer)
> - memcpy(p_wrap_around, p_buffer->p_buffer + l_bytes1, l_bytes2);
> + {
> + i_size = ( p_buffer->i_buffer - l_bytes1 < l_bytes2 ) ? p_buffer->i_buffer - l_bytes1 : l_bytes2;
> + memcpy( p_wrap_around, p_buffer->p_buffer + l_bytes1, i_size );
> + }
> block_Release( p_buffer );
>
I don't think it's useful. The whole point of the dwBytes arg of
IDirectSoundBuffer_Lock is to avoid that l_bytes1 + l_bytes2 > dwBytes.
Regards,
--
Denis Charmet - TypX
Le mauvais esprit est un art de vivre
More information about the vlc-devel
mailing list