diff options
| author | Alexandre Ratchov <ratchov@cvs.openbsd.org> | 2008-07-29 05:59:12 +0000 |
|---|---|---|
| committer | Alexandre Ratchov <ratchov@cvs.openbsd.org> | 2008-07-29 05:59:12 +0000 |
| commit | 76110db57e3c187388dd1a0403780bf12092c24d (patch) | |
| tree | 0018243e6f7b64a906b92ac78f67bdaad8c13e7b /sys | |
| parent | bb9476cd0416fad53e76854eea2a348d516f96ea (diff) | |
When paused (or overrun), the record ring pointers are not incremented
properly in audio_rint(), the periodic boundary conditions aren't met. This
causes, later read(2) to return EFAULT while trying to access unmapped
regions of the kernel address space. Fix this by using the correct pointer
arithmetic.
ok jakemsr@
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/dev/audio.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/dev/audio.c b/sys/dev/audio.c index 7fba234145e..3cea132b15e 100644 --- a/sys/dev/audio.c +++ b/sys/dev/audio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: audio.c,v 1.95 2008/04/21 00:32:42 jakemsr Exp $ */ +/* $OpenBSD: audio.c,v 1.96 2008/07/29 05:59:11 ratchov Exp $ */ /* $NetBSD: audio.c,v 1.119 1999/11/09 16:50:47 augustss Exp $ */ /* @@ -2227,11 +2227,15 @@ audio_rint(void *v) DPRINTFN(1, ("audio_rint: pdrops %lu\n", cb->pdrops)); cb->pdrops += blksize; cb->outp += blksize; + if (cb->outp >= cb->end) + cb->outp = cb->start; cb->used -= blksize; } else if (cb->used >= cb->usedhigh && !cb->copying) { DPRINTFN(1, ("audio_rint: drops %lu\n", cb->drops)); cb->drops += blksize; cb->outp += blksize; + if (cb->outp >= cb->end) + cb->outp = cb->start; cb->used -= blksize; } |