On Tue, 12 Oct 2021 17:15:56 +0200,
Pierre-Louis Bossart wrote:
>
>
> > In either way, the new_ptr has to be validated beforehand that it's
> > within 0..boundary-1.  (old_ptr is assumed to be valid.)
>
> In the 3 of the calls to pcm_lib_apply_appl_ptr(), the check is done
> already prior to calling that function
> 	if (appl_ptr >= runtime->boundary)
> 		appl_ptr -= runtime->boundary;
> 	err = pcm_lib_apply_appl_ptr(substream, appl_ptr);
>
>
> it's rather unclear to me why the same check is not done for sync_ptr, e.g.
>
> 	if (!(sync_ptr.flags & SNDRV_PCM_SYNC_PTR_APPL)) {
> 		err = pcm_lib_apply_appl_ptr(substream,
> 				sync_ptr.c.control.appl_ptr);
>
> 	if (!(sflags & SNDRV_PCM_SYNC_PTR_APPL)) {
> 		err = pcm_lib_apply_appl_ptr(substream,
> 				scontrol.appl_ptr);
>
> Should I add a check there, or add a check inside of
> pcm_lib_apply_appl_ptr() which would be a duplicate in the majority of
> cases?

I guess adding in pcm_lib_apply_appl_ptr() would be easier and safer.
There is even one more place that is calling pcm_lib_apply_appl_ptr()
in the very latest commit (a fix for a buggy 32bit compat ioctl).


thanks,

Takashi
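Added example, not part of the original mail and not kernel code: a user-space C model of the option discussed above, where the 0..boundary-1 check lives in the callee so that a caller forwarding a user-supplied value is covered as well as the callers that already wrap. All `model_` names are hypothetical, and rejecting with -EINVAL is an assumption of this model, not something the thread states.

```c
#include <errno.h>
#include <stdio.h>

/* User-space model only; every model_ name is hypothetical. */
typedef unsigned long uframes_t;

struct model_runtime {
	uframes_t boundary;	/* pointers wrap at this value */
	uframes_t appl_ptr;	/* invariant: 0 <= appl_ptr < boundary */
};

/* Callee-side validation: one check covers every caller, including
 * those that pass a value taken directly from user space. */
static int model_apply_appl_ptr(struct model_runtime *rt, uframes_t new_ptr)
{
	if (new_ptr == rt->appl_ptr)
		return 0;
	if (new_ptr >= rt->boundary)
		return -EINVAL;	/* assumed error code for this model */
	rt->appl_ptr = new_ptr;
	return 0;
}

/* Caller pattern quoted first in the mail: advance, wrap, then apply.
 * Assumes frames < boundary, so a single subtraction is enough. */
static int model_advance(struct model_runtime *rt, uframes_t frames)
{
	uframes_t appl_ptr = rt->appl_ptr + frames;
	if (appl_ptr >= rt->boundary)
		appl_ptr -= rt->boundary;
	return model_apply_appl_ptr(rt, appl_ptr);
}

/* Caller pattern of the sync_ptr path: the value is forwarded as given. */
static int model_sync_ptr(struct model_runtime *rt, uframes_t user_appl_ptr)
{
	return model_apply_appl_ptr(rt, user_appl_ptr);
}

int main(void)
{
	struct model_runtime rt = { .boundary = 1024, .appl_ptr = 1000 };
	int rc = model_advance(&rt, 100);	/* constructed sample values */
	printf("advance 100 -> %d, appl_ptr=%lu\n", rc, rt.appl_ptr);
	rc = model_sync_ptr(&rt, 5000);
	printf("sync 5000   -> %d, appl_ptr=%lu\n", rc, rt.appl_ptr);
	return 0;
}
```

In the wrapping callers the callee check is the duplicate the mail mentions; in the pass-through caller it is the only place the range is enforced.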