ardour/livetrax
13
0
Fork 0
Code

Fix LV2 Atom ringbuffer overflow/corruption

Browse Source 
Writing partial messages will lead to undefined behavior.
This does not generally happen (LV2 forge prevents overflow
of the Atom buffer itself), however if the GUI is frozen messages
may accumulate in Ardour's Ringbuffer.
This commit is contained in:
Robin Gareus 2022-11-13 00:23:12 +01:00
parent 376b50a6ae
commit 949f9e6051
Signed by: rgareus
GPG Key ID: A090BCE02CF57F04
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libs/ardour/lv2_plugin.cc
View File

@ -1742,8 +1742,13 @@ LV2Plugin::write_to(RingBuffer<uint8_t>* dest,
const uint8_t* body)
{
const uint32_t buf_size = sizeof(UIMessage) + size;
vector<uint8_t> buf(buf_size);
if (dest->write_space () < buf_size) {
/* Do not write partial message */
return false;
}
vector<uint8_t> buf(buf_size);
UIMessage* msg = (UIMessage*)&buf[0];
msg->index = index;
msg->protocol = protocol;
@ -1781,6 +1786,11 @@ LV2Plugin::write_from_ui(uint32_t index,
_from_ui = new RingBuffer<uint8_t>(rbs);
}
if (_from_ui->write_space () < size) {
error << string_compose (_("LV2<%1>: Error writing from UI to plugin"), name()) << endmsg;
return false;
}
if (!write_to(_from_ui, index, protocol, size, body)) {
error << string_compose (_("LV2<%1>: Error writing from UI to plugin"), name()) << endmsg;
return false;