audio: audio_generic_get_buffer_in should honor *size

The function generic_get_buffer_in currently ignores the *size
parameter and may return a buffer larger than *size.

As a result the variable samples in function
audio_pcm_hw_run_in may underflow. The while loop then most
likely will never termiate.

Buglink: http://bugs.debian.org/948658
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20200123074943.6699-9-vr_qemu@t-online.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

diff --git a/audio/audio.c b/audio/audio.c
index b686429203d65b19e497b1351499c3a78a71f56e..f9859408f340133dbdddbca828a8909b97253d70 100644 (file)
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -1407,7 +1407,8 @@ void *audio_generic_get_buffer_in(HWVoiceIn *hw, size_t *size)
     }
     assert(start >= 0 && start < hw->size_emul);
 
-    *size = MIN(hw->pending_emul, hw->size_emul - start);
+    *size = MIN(*size, hw->pending_emul);
+    *size = MIN(*size, hw->size_emul - start);
     return hw->buf_emul + start;
 }