From 5658e188155aba3504cf687c9a335801d71f5111 Mon Sep 17 00:00:00 2001
From: Robin Gareus
Date: Sun, 29 May 2022 19:37:23 +0200
Subject: [PATCH] Fix occasional crash at end of clip playback

Previously it was possible to cause a 64bit signed to 32bit unsigned overflow. `from_stretcher` is pframes_t aka. uint32_t. With int64_t arguments a std::min() expression producing negative result will result in large 32bit values: (pframes_t) std::min(1024, 176400 - 187392) = 4294956304 This produced a segfault when used as n_samples to copy in buf.accumulate_from()
---
 libs/ardour/triggerbox.cc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libs/ardour/triggerbox.cc b/libs/ardour/triggerbox.cc
index 45ade94147..ecdaab54be 100644
--- a/libs/ardour/triggerbox.cc
+++ b/libs/ardour/triggerbox.cc
@@ -1954,7 +1954,7 @@ AudioTrigger::audio_run (BufferSet& bufs, samplepos_t start_sample, samplepos_t
 if (transition_samples + retrieved > expected_end_sample) {
 /* final pull from stretched data into output buffers */
 // cerr << "FS#2 from ees " << final_processed_sample << " - " << process_index << " & " << from_stretcher;
- from_stretcher = std::min ((samplecnt_t) from_stretcher, final_processed_sample - process_index);
+ from_stretcher = std::min (from_stretcher, std::max (0, final_processed_sample - process_index));
 // cerr << " => " << from_stretcher << endl;
 DEBUG_TRACE (DEBUG::Triggers, string_compose ("%1 total retrieved data %2 exceeds theoretical size %3, truncate from_stretcher to %4\n",
@@ -1979,7 +1979,8 @@ AudioTrigger::audio_run (BufferSet& bufs, samplepos_t start_sample, samplepos_t
 } else {
 /* no stretch */
- from_stretcher = (pframes_t) std::min ((samplecnt_t) nframes, (last_readable_sample - read_index));
+ assert (last_readable_sample >= read_index);
+ from_stretcher = std::min (nframes, last_readable_sample - read_index);
 // cerr << "FS#3 from lrs " << last_readable_sample << " - " << read_index << " = " << from_stretcher << endl;
 }
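Review bot: The clamp on the new `from_stretcher = std::min (from_stretcher, std::max (0, ...))` line is only correct while the comparison is carried out in a signed 64-bit type, and nothing at that line says so. The template arguments are not visible in this rendering of the patch; if either call were instantiated with `pframes_t`, the negative difference would presumably wrap before the comparison and the oversized copy length described in the commit message would return. I would add a comment above the line such as `/* process_index can be past final_processed_sample: clamp in samplecnt_t before narrowing to pframes_t */`. The enclosing `audio_run` body starts and ends outside the hunk.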
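Review bot: The new `assert (last_readable_sample >= read_index);` in the no-stretch branch protects only builds that keep assertions. With `NDEBUG` defined, a negative `last_readable_sample - read_index` would still narrow to a very large `pframes_t` and reach the buffer copy as its length. The stretch branch in the first hunk clamps at run time, and this branch should do the same while keeping the assert for debug builds: `from_stretcher = std::min<samplecnt_t> (nframes, std::max<samplecnt_t> (0, last_readable_sample - read_index));`. Whether release builds of this project define `NDEBUG` is not visible here, so confirm that before relying on the assert. The branch belongs to `audio_run`, whose body extends beyond the hunk.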