From 00e0ee291a22f52d1bbeedfcc7224faf36988031 Mon Sep 17 00:00:00 2001 From: Andre Noll Date: Sun, 1 Sep 2013 17:48:46 +0000 Subject: [PATCH] fecdec: Avoid fecdec output buffer overruns. The size of the buffer tree pool of the amp filter is 64K, which is smaller than BTRN_MAX_PENDING of buffer_tree.c (96K). The latter value is used in btr_node_status() as follows. If input for a buffer tree node is available and there is less than BTRN_MAX_PENDING bytes in the output queue of the node, the function returns 1 to indicate that the node should continue to process its input. This can result in a fatal error condition when the buffer tree pool fills up completely. Avoid this by increasing the pool size to 128K. --- fecdec_filter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fecdec_filter.c b/fecdec_filter.c index 2f0a6746..691d696a 100644 --- a/fecdec_filter.c +++ b/fecdec_filter.c @@ -409,7 +409,7 @@ static int dispatch_slice(char *buf, size_t len, struct fec_header *h, ret = fec_new(k, n, &pfd->fec); if (ret < 0) return ret; - pfd->btrp = btr_pool_new("fecdec", 64 * 1024); + pfd->btrp = btr_pool_new("fecdec", 128 * 1024); /* decode and clear the first group */ ret = decode_group(pfd->first_complete_group, fn); if (ret < 0) -- 2.39.5