From 6e1f093620f2da990d9ae21d42086d057f5083e0 Mon Sep 17 00:00:00 2001
From: ratchov
Date: Tue, 29 Jul 2008 05:59:11 +0000
Subject: [PATCH] When paused (or overrun), the record ring pointers are not incremented properly in audio_rint(), the periodic boundary conditions aren't met. This causes, later read(2) to return EFAULT while trying to access unmapped regions of the kernel address space. Fix this by using the correct pointer arithmetic. ok jakemsr@
---
 sys/dev/audio.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/sys/dev/audio.c b/sys/dev/audio.c
index 7fba234145e..3cea132b15e 100644
--- a/sys/dev/audio.c
+++ b/sys/dev/audio.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: audio.c,v 1.95 2008/04/21 00:32:42 jakemsr Exp $ */
+/* $OpenBSD: audio.c,v 1.96 2008/07/29 05:59:11 ratchov Exp $ */
 /* $NetBSD: audio.c,v 1.119 1999/11/09 16:50:47 augustss Exp $ */
 
 /*
@@ -2227,11 +2227,15 @@ audio_rint(void *v)
 DPRINTFN(1, ("audio_rint: pdrops %lu\n", cb->pdrops));
 cb->pdrops += blksize;
 cb->outp += blksize;
+ if (cb->outp >= cb->end)
+ cb->outp = cb->start;
 cb->used -= blksize;
 } else if (cb->used >= cb->usedhigh && !cb->copying) {
 DPRINTFN(1, ("audio_rint: drops %lu\n", cb->drops));
 cb->drops += blksize;
 cb->outp += blksize;
+ if (cb->outp >= cb->end)
+ cb->outp = cb->start;
 cb->used -= blksize;
 }
 
-- 
2.20.1
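Review bot: Both added wrap checks in the audio_rint() hunk reset `cb->outp` to `cb->start` instead of carrying the overshoot, which matches modular arithmetic only if the ring length (`cb->end - cb->start`) is a whole multiple of `blksize` and `outp` is block-aligned; nothing visible in the hunk establishes that invariant. If it holds, I would state it beside the first check, e.g. `/* ring holds a whole number of blocks, so outp lands exactly on end */`, and otherwise wrap with `cb->outp -= cb->end - cb->start;` so the read pointer cannot drift relative to the write pointer. Because the commit message ties a mis-advanced pointer here to read(2) touching unmapped kernel address space, the two identical advance-and-wrap sequences (pause branch and overrun branch) would be safer folded into one helper, so a later edit cannot fix one and miss the other. The `if` that opens the pause branch and the rest of audio_rint() lie outside the hunk, so whether `cb->used -= blksize` can underflow in that branch cannot be checked from here.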