From: ratchov Date: Tue, 29 Jul 2008 05:59:11 +0000 (+0000) Subject: When paused (or overrun), the record ring pointers are not incremented X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=6e1f093620f2da990d9ae21d42086d057f5083e0;p=openbsd When paused (or overrun), the record ring pointers are not incremented properly in audio_rint(), the periodic boundary conditions aren't met. This causes, later read(2) to return EFAULT while trying to access unmapped regions of the kernel address space. Fix this by using the correct pointer arithmetic. ok jakemsr@ --- diff --git a/sys/dev/audio.c b/sys/dev/audio.c index 7fba234145e..3cea132b15e 100644 --- a/sys/dev/audio.c +++ b/sys/dev/audio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: audio.c,v 1.95 2008/04/21 00:32:42 jakemsr Exp $ */ +/* $OpenBSD: audio.c,v 1.96 2008/07/29 05:59:11 ratchov Exp $ */ /* $NetBSD: audio.c,v 1.119 1999/11/09 16:50:47 augustss Exp $ */ /* @@ -2227,11 +2227,15 @@ audio_rint(void *v) DPRINTFN(1, ("audio_rint: pdrops %lu\n", cb->pdrops)); cb->pdrops += blksize; cb->outp += blksize; + if (cb->outp >= cb->end) + cb->outp = cb->start; cb->used -= blksize; } else if (cb->used >= cb->usedhigh && !cb->copying) { DPRINTFN(1, ("audio_rint: drops %lu\n", cb->drops)); cb->drops += blksize; cb->outp += blksize; + if (cb->outp >= cb->end) + cb->outp = cb->start; cb->used -= blksize; }
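Review bot: In the audio_rint() hunk, both added wrap checks reset the pointer with `cb->outp = cb->start;` instead of subtracting the ring length, which is only correct if the ring size is an exact multiple of blksize and cb->outp is always block-aligned. Nothing in the visible lines establishes that. If `cb->outp += blksize` can ever land past cb->end rather than exactly on it, the overshoot is silently discarded and outp no longer agrees with cb->used. Either wrap by the ring length (`cb->outp -= cb->end - cb->start`, assuming end and start delimit the whole ring) or add a comment or assertion stating the alignment invariant the reset relies on. The same two-line wrap is now repeated in the pdrops and drops branches, and this fix exists because it was missing in exactly these places, so moving the advance-and-wrap into one helper or macro used by every site that moves outp would make the next omission harder. The commit message describes the failure as read(2) touching unmapped kernel addresses, so a short comment at the wrap explaining why outp must stay inside [start, end) is also worth adding.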