fecdec: Avoid fecdec output buffer overruns.

The size of the buffer tree pool of the amp filter is 64K, which
is smaller than BTRN_MAX_PENDING of buffer_tree.c (96K). The latter
value is used in btr_node_status() as follows. If input for a buffer
tree node is available and there is less than BTRN_MAX_PENDING bytes
in the output queue of the node, the function returns 1 to indicate
that the node should continue to process its input.

This can result in a fatal error condition when the buffer tree pool
fills up completely. Avoid this by increasing the pool size to 128K.

diff --git a/fecdec_filter.c b/fecdec_filter.c
index 2f0a67467b88923d28d21225e936bfca3010848c..691d696af6e3972ac9f2becf68c0712873fe9624 100644 (file)
--- a/fecdec_filter.c
+++ b/fecdec_filter.c
@@ -409,7 +409,7 @@ static int dispatch_slice(char *buf, size_t len, struct fec_header *h,
        ret = fec_new(k, n, &pfd->fec);
        if (ret < 0)
                return ret;
-       pfd->btrp = btr_pool_new("fecdec", 64 * 1024);
+       pfd->btrp = btr_pool_new("fecdec", 128 * 1024);
        /* decode and clear the first group */
        ret = decode_group(pfd->first_complete_group, fn);
        if (ret < 0)