From a25d3a245b802f8fa2da7f381fabd887bfa985dd Mon Sep 17 00:00:00 2001
From: James McDonnell
Date: Tue, 21 Feb 2017 15:32:08 -0500
Subject: Limit the size of the QnxAudioOutput stack buffer
QnxAudioOutput allocates a buffer on the stack based on the free value from snd_pcm_plugin_status, but the way that QnxAudioOutput configures the stream, how QnxAudioOutput currently pauses playback, and a bug in io-audio combine to cause io-audio to produce very large free values when resuming playback after a long pause. As a result, QnxAudioOutput allocates a stack buffer that causes a stack overflow. Allocating a buffer on the stack with a size that isn't restrained in any way isn't a good idea. Put some constraints on the size.
Change-Id: I2b72e72504041f0caeb591912662fb9bed931b21
Reviewed-by: Dan Cape
Reviewed-by: Yoann Lopes
---
 src/plugins/qnx-audio/audio/qnxaudiooutput.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'src/plugins')
diff --git a/src/plugins/qnx-audio/audio/qnxaudiooutput.cpp b/src/plugins/qnx-audio/audio/qnxaudiooutput.cpp
index d5805c2bd..5cfffe990 100644
--- a/src/plugins/qnx-audio/audio/qnxaudiooutput.cpp
+++ b/src/plugins/qnx-audio/audio/qnxaudiooutput.cpp
@@ -223,7 +223,10 @@ void QnxAudioOutput::pullData()
 if (frames == 0 || bytesAvailable < periodSize())
 return;
- const int bytesRequested = m_format.bytesForFrames(frames);
+ // The buffer is placed on the stack so no more than 64K or 1 frame
+ // whichever is larger.
+ const int maxFrames = qMax(m_format.framesForBytes(64 * 1024), 1);
+ const int bytesRequested = m_format.bytesForFrames(qMin(frames, maxFrames));
 char buffer[bytesRequested];
 const int bytesRead = m_source->read(buffer, bytesRequested);
--
cgit v1.2.3
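Review bot: The clamp added with `qMin(frames, maxFrames)` bounds only the upper end of the size that feeds `char buffer[bytesRequested]`, and the guard just above it rejects only `frames == 0`. If `frames` is a signed int derived from the driver-reported free count (its declaration is outside the hunk, so this is an assumption), one of the very large values described in the commit message could arrive as a negative number, pass through `qMin` unchanged and presumably yield a negative array length. Widening the existing guard to `if (frames <= 0 || bytesAvailable < periodSize())` would close that path. With a fixed ceiling now in place, the variable-length stack array could also become a fixed-size or preallocated member buffer, so that no stack allocation depends on a value reported by io-audio. pullData() begins and ends outside the hunk.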