osx_write: Be careful when dereferencing the private_data pointer.
authorAndre Noll <maan@systemlinux.org>
Tue, 7 Aug 2012 11:51:47 +0000 (13:51 +0200)
committerAndre Noll <maan@systemlinux.org>
Tue, 30 Oct 2012 12:24:32 +0000 (13:24 +0100)
When the main process stops the audio unit the callback might be
sleeping on the mutex and run one more time.

osx_write.c

index 73aa137..d278d02 100644 (file)
@@ -78,10 +78,14 @@ static OSStatus osx_callback(void *cb_arg, __a_unused AudioUnitRenderActionFlags
 {
        int i;
        struct writer_node *wn = cb_arg;
-       struct private_osx_write_data *powd = wn->private_data;
+       struct private_osx_write_data *powd;
        size_t samples_have, samples_want = 0;
 
+       powd = wn->private_data;
        mutex_lock(powd->mutex);
+       powd = wn->private_data;
+       if (!powd || !wn->btrn)
+               goto out;
        /*
         * We fill with zeros if no data was yet written and we do not have
         * enough to fill all buffers.
@@ -322,18 +326,18 @@ static void osx_write_post_select(__a_unused struct sched *s, struct task *t)
                btr_pushdown(btrn);
        if (ret < 0 && need_drain_delay(powd))
                ret = 0;
-       mutex_unlock(powd->mutex);
-
-       if (ret >= 0)
-               goto out;
+       if (ret >= 0) {
+               mutex_unlock(powd->mutex);
+               return;
+       }
        AudioOutputUnitStop(powd->audio_unit);
        AudioUnitUninitialize(powd->audio_unit);
        CloseComponent(powd->audio_unit);
        btr_remove_node(&powd->callback_btrn);
+       mutex_unlock(powd->mutex);
 remove_btrn:
        btr_remove_node(&wn->btrn);
        PARA_NOTICE_LOG("%s\n", para_strerror(-ret));
-out:
        t->error = ret;
 }