@@ -576,9 +576,9 @@ static const USBDesc desc_audio_multi = {
struct streambuf {
uint8_t *data;
- uint32_t size;
- uint32_t prod;
- uint32_t cons;
+ size_t size;
+ uint64_t prod;
+ uint64_t cons;
};
static void streambuf_init(struct streambuf *buf, uint32_t size,
@@ -599,12 +599,14 @@ static void streambuf_fini(struct streambuf *buf)
static int streambuf_put(struct streambuf *buf, USBPacket *p, uint32_t channels)
{
- uint32_t free = buf->size - (buf->prod - buf->cons);
+ uint64_t free = buf->size - (buf->prod - buf->cons);
if (free < USBAUDIO_PACKET_SIZE(channels)) {
return 0;
}
+ /* can happen if prod overflows */
+ assert(buf->prod % USBAUDIO_PACKET_SIZE(channels) == 0);
usb_packet_copy(p, buf->data + (buf->prod % buf->size),
USBAUDIO_PACKET_SIZE(channels));
buf->prod += USBAUDIO_PACKET_SIZE(channels);
@@ -613,7 +615,7 @@ static int streambuf_put(struct streambuf *buf, USBPacket *p, uint32_t channels)
static uint8_t *streambuf_get(struct streambuf *buf, size_t *len)
{
- uint32_t used = buf->prod - buf->cons;
+ uint64_t used = buf->prod - buf->cons;
uint8_t *data;
if (!used) {
With stereo playback, they need about 375 minutes of continuous audio playback to overflow, which is usually not a problem (as stopping and later resuming playback resets the counters). But with 7.1 audio, they only need about 95 minutes to overflow. After the overflow, the buf->prod % USBAUDIO_PACKET_SIZE(channels) assertion no longer holds true, which will result in overflowing the buffer. With 64 bit variables, it would take some 762000 years to overflow. Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> --- hw/usb/dev-audio.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-)