mirror of
https://github.com/RGBCube/serenity
synced 2025-07-25 23:07:35 +00:00
Kernel/Audio: Fix buffer size underflow for non-page-aligned sizes
When the size of the audio data was not a multiple of a page size, subtracting the page size from this unsigned variable would underflow it close to 2^32 and be clamped to the page size again. This would lead to writes into garbage addresses because of an incorrect write size, interestingly only causing the write() call to error out. Using saturating math neatly fixes this problem and allows buffer lengths that are not a multiple of a page size.
This commit is contained in:
parent
07d712ea00
commit
f6af357763
1 changed files with 4 additions and 4 deletions
|
@ -207,12 +207,12 @@ ErrorOr<size_t> AC97::write(size_t channel_index, UserOrKernelBuffer const& data
|
|||
m_buffer_descriptor_list = TRY(MM.allocate_dma_buffer_pages(buffer_descriptor_list_size, "AC97 Buffer Descriptor List"sv, Memory::Region::Access::Write));
|
||||
}
|
||||
|
||||
auto remaining = length;
|
||||
Checked<size_t> remaining = length;
|
||||
size_t offset = 0;
|
||||
while (remaining > 0) {
|
||||
TRY(write_single_buffer(data, offset, min(remaining, PAGE_SIZE)));
|
||||
while (remaining > static_cast<size_t>(0)) {
|
||||
TRY(write_single_buffer(data, offset, min(remaining.value(), PAGE_SIZE)));
|
||||
offset += PAGE_SIZE;
|
||||
remaining -= PAGE_SIZE;
|
||||
remaining.saturating_sub(PAGE_SIZE);
|
||||
}
|
||||
|
||||
return length;
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue