![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
Opened 18 years ago
Closed 17 years ago
#289 closed defect (fixed)
Bug in WAV player when frame size is larger than file buffer size (thanks Samuel Vinson)
| Reported by: | bennylp | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-0.6.0 |
| Component: | pjmedia | Version: | 0.5.10.4 |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: |
Description
Samuel Vinson wrote in http://pjsip.org/pipermail/pjsip/2007-May/003286.html:
During nintendo ds porting,
I use playfile program (without modification), and I obtain an error
when callback play_cb is called.
Functions stack :
...
play_cb(strm->user_data, strm->timestamp, readbuffer, size=8192)
pjmedia_port_get_frame
file_get_frame
In file_get_frame function
fport->read_pos = 0x2075764
fport->buf = 0x2075764
fport->bufsize = 4000
and
frame_size = 8192
So we are in the else case
first pj_memcpy copies 4000 bytes
fill_buffer (I thing 4000 bytes)
second pj_memcpy copies 4192 bytes (!!!! BUG !!!)
If you call second times play_cb with the same parameters, the problem
is earlier :
fport->read_pos = 0x20767c4 (fport->buf + 4192)
fport->buf = 0x2075764
fport->bufsize = 4000
and
frame_size = 4096
So we are in the else case
first pj_memcpy tries to copy -192 bytes (0xffffff40) (!!! BUG !!!)
I will modify my sizes of buffer to be in lower part of the 4000 bytes
but this is a temporary solution.
Do you have another solution to correct this problems ?
Greetings
Samuel
Change History (1)
comment:1 Changed 17 years ago by bennylp
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
Workaround in r1322 (added assert to prevent application from specifying ptime larger than the buffer size)