On Thursday 27 November 2003 15:33, Jay Cornwall wrote:
> Daan Vreeken [PA4DAN] wrote:
> > If you have time left, could you perhaps also have a look at kern/51186?
> > I have filed it back in March and it's still open. (Fixes a memory
> > corruption bug in ugen).
>
> I'm not a committer, I'm afraid, so it's probably best to get in touch with
> the code maintainer. (imp_at_freebsd.org, if the PR is correct - he did reply
> at the bottom of the PR)
>
> But from a brief look at the code, I can't see anything getting past this
> line:
>
> if(sce->fill < sce->cur && sce->cur <= sce->fill + count)
>
> If sce->fill is less than sce->cur, then sce->cur can only be <= (sce->fill
> + count) if count is negative. But I haven't studied the code that closely,
> so maybe I'm just missing something obvious. :)

It can. Imagine a buffer of 1000 bytes. sce->fill=980 and sce->cur=990. If we
have to store 40 bytes, sce->fill (980) is smaller than sce->cur (990). And
sce->cur (990) is smaller than or equal to sce->fill + count (980+40=1020).
After that count gets added to sce->cur (sce->cur=990+40=1030). Now sce->cur is
bigger than sce->limit so this line of code gets executed:

sce->cur = sce->ibuf + (sce->limit - sce->cur);

Leading to:

sce->cur = sce->ibuf + (1000 - 1030) = beginning-of-buffer - 30 !

Instead of:

sce->cur = sce->ibuf + (1030 - 1000) = beginning-of-buffer + 30

grtz,
Daan

Received on Thu Nov 27 2003 - 07:30:30 UTC
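The arithmetic Daan walks through, as an added example that is not part of the thread and not the ugen driver's code: a constructed model of the endpoint ring buffer that keeps sce->fill and sce->cur as byte offsets from sce->ibuf (so the wrong wrap can be shown as a negative offset instead of an out-of-bounds pointer), the quoted condition, and the two forms of the wrap-around line side by side. The struct, the function names and the treatment of sce->limit as a buffer size are assumptions of this model; the purpose of the quoted fill/cur/count test inside ugen is not claimed here, only whether it fires.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the ring buffer fields discussed in the thread (not the
 * driver's real struct). Positions are offsets from sce->ibuf; size stands in
 * for sce->limit - sce->ibuf. */
struct ring {
    size_t size;        /* bytes in the buffer; sce->limit == sce->ibuf + size */
    size_t fill;        /* offset of sce->fill (read position) */
    size_t cur;         /* offset of sce->cur (write position) */
    int condition_hit;  /* 1 if the quoted fill/cur/count test was true */
};

/* The wrap as posted: sce->cur = sce->ibuf + (sce->limit - sce->cur).
 * Once cur has gone past the limit this is negative, i.e. a pointer before
 * the start of the buffer. */
static ptrdiff_t wrap_as_posted(size_t size, size_t cur)
{
    return (ptrdiff_t)size - (ptrdiff_t)cur;
}

/* The wrap the message asks for: sce->cur = sce->ibuf + (sce->cur - sce->limit). */
static ptrdiff_t wrap_corrected(size_t size, size_t cur)
{
    return (ptrdiff_t)cur - (ptrdiff_t)size;
}

/* Store count bytes at the write position and return the resulting offset of
 * sce->cur from sce->ibuf. A negative return means the computed pointer lies
 * before the buffer, which is the corruption the message describes.
 * use_fix selects the corrected wrap; r->cur is updated only when the result
 * is a valid offset. */
static ptrdiff_t ring_advance(struct ring *r, size_t count, int use_fix)
{
    /* the line Jay quoted; with fill=980, cur=990, count=40 it is true */
    r->condition_hit = (r->fill < r->cur && r->cur <= r->fill + count);

    size_t next = r->cur + count;       /* sce->cur += count */
    if (next < r->size) {               /* still inside the buffer: no wrap */
        r->cur = next;
        return (ptrdiff_t)next;
    }
    /* sce->cur >= sce->limit: wrap back towards the start of the buffer */
    ptrdiff_t off = use_fix ? wrap_corrected(r->size, next)
                            : wrap_as_posted(r->size, next);
    if (off >= 0 && (size_t)off < r->size)
        r->cur = (size_t)off;
    return off;
}

int main(void)
{
    /* Daan's numbers: 1000-byte buffer, fill=980, cur=990, 40 bytes to store */
    struct ring posted = { 1000, 980, 990, 0 };
    struct ring fixed  = { 1000, 980, 990, 0 };

    ptrdiff_t a = ring_advance(&posted, 40, 0);
    ptrdiff_t b = ring_advance(&fixed, 40, 1);

    printf("condition (fill < cur && cur <= fill + count): %d\n", posted.condition_hit);
    printf("wrap as posted:  ibuf + (1000 - 1030) = ibuf %+td\n", a);
    printf("wrap corrected:  ibuf + (1030 - 1000) = ibuf %+td\n", b);
    return 0;
}
```

With the numbers from the message the posted form lands 30 bytes before the buffer and the corrected form 30 bytes into it; when cur stops exactly on the limit both forms give offset 0, which is why the defect only shows when a transfer carries the write position past the end.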
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:31 UTC