mirror of
https://github.com/libretro/RetroArch.git
synced 2025-01-18 23:04:25 +00:00
addbcc6487
retroarch.c:flush_rewind_audio() can potentially send up to audio_data.rewind_buf of 2048 frames (4096 samples) to audio_flush(). rarch_resampler_process() can potentially multiply the number of frames by AUDIO_MAX_RATIO, to 32768 frames. audio/jack.c:write_buffer() allocates a buffer of only 2048 frames on the stack, which can overflow. This reliably happens when rewinding in slow motion. Multiply the JACK driver buffer by AUDIO_MAX_RATIO to prevent overflow. However, DSP can also adjust the number of frames without limit. There is no DSP_MAX_RATIO, so check the number of frames in audio/jack.c:write_buffer() and truncate if they will not fit the buffer. This will cause garbled audio, but in practice it is unlikely to occur (DSP plugins do not usually add frames, flush_rewind_audio() does not usually send the maximum possible number of frames).