@@ -577,9 +577,9 @@ static const USBDesc desc_audio_multi = {
struct streambuf {
uint8_t *data;
- uint32_t size;
- uint32_t prod;
- uint32_t cons;
+ size_t size;
+ uint64_t prod;
+ uint64_t cons;
};
static void streambuf_init(struct streambuf *buf, uint32_t size,
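Review bot: The struct now mixes three widths (`size_t size`, `uint64_t prod`/`cons`, and the `uint32_t size` parameter that streambuf_init still takes) with no comment explaining the roles of the fields. A short comment on the members would make the invariant reviewable, for example `/* prod/cons: free-running byte counters, never reset by wrap; reduce with % size before indexing data */`. That matches the `buf->prod % buf->size` use visible in streambuf_put; the treatment of `cons` is outside these hunks and should be confirmed before the comment is added.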
@@ -600,7 +600,7 @@ static void streambuf_fini(struct streambuf *buf)
static int streambuf_put(struct streambuf *buf, USBPacket *p, uint32_t channels)
{
- uint32_t free = buf->size - (buf->prod - buf->cons);
+ int64_t free = buf->size - (buf->prod - buf->cons);
if (free < USBAUDIO_PACKET_SIZE(channels)) {
return 0;
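Review bot: The check `free < USBAUDIO_PACKET_SIZE(channels)` rejects a negative `free` only if the macro's result is converted to `int64_t` for the comparison. The macro's definition is not visible here; if it ever evaluates to a 64-bit unsigned type, a negative `free` would be converted to a very large unsigned value and pass the check. Making the intent explicit costs nothing: `if (free < (int64_t)USBAUDIO_PACKET_SIZE(channels)) {`. Separately, the local name `free` shadows the C library's `free()` inside streambuf_put, so a name such as `free_bytes` would be safer. The function body continues past this hunk.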
@@ -609,6 +609,8 @@ static int streambuf_put(struct streambuf *buf, USBPacket *p, uint32_t channels)
return 0;
}
+ /* can happen if prod overflows */
+ assert(buf->prod % USBAUDIO_PACKET_SIZE(channels) == 0);
usb_packet_copy(p, buf->data + (buf->prod % buf->size),
USBAUDIO_PACKET_SIZE(channels));
buf->prod += USBAUDIO_PACKET_SIZE(channels);
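Review bot: The comment `/* can happen if prod overflows */` reads as though the asserted condition is what can happen, when it is the assertion failure that can. It also does not say that this assert is what keeps the following usb_packet_copy inside `buf->data`. Something like `/* prod must stay packet-aligned, otherwise the copy below can run past data + size; only breaks if prod wraps */` states the purpose. Alignment of `prod` bounds the copy only if `buf->size` is itself a multiple of the packet size, which is set in streambuf_init outside this hunk. Asserting the bound directly would not depend on that: `assert(buf->prod % buf->size + USBAUDIO_PACKET_SIZE(channels) <= buf->size);`.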
@@ -617,10 +619,10 @@ static int streambuf_put(struct streambuf *buf, USBPacket *p, uint32_t channels)
static uint8_t *streambuf_get(struct streambuf *buf, size_t *len)
{
- uint32_t used = buf->prod - buf->cons;
+ int64_t used = buf->prod - buf->cons;
uint8_t *data;
- if (!used) {
+ if (used <= 0) {
*len = 0;
return NULL;
}
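Review bot: With `int64_t used` and `if (used <= 0)`, a state where `cons` has moved ahead of `prod` is silently reported as an empty buffer. That hides counter corruption, whereas the assert added in streambuf_put surfaces it. Keeping the difference unsigned and checking the invariant first would make the failure visible: `assert(buf->cons <= buf->prod);` followed by `uint64_t used = buf->prod - buf->cons;` and the original `if (!used)`. The rest of streambuf_get lies outside this hunk, so how `used` is consumed afterwards should be checked against whichever type is chosen.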
With stereo playback, they need about 375 minutes of continuous audio playback to overflow, which is usually not a problem (as stopping and later resuming playback resets the counters). But with 7.1 audio, they only need about 95 minutes to overflow. After the overflow, the buf->prod % USBAUDIO_PACKET_SIZE(channels) assertion no longer holds true, which will result in overflowing the buffer. With 64 bit variables, it would take about 762000 years to overflow. Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> --- hw/usb/dev-audio.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-)