From 8b9862052b5ef2434616a5ef6379c81eb345763c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?=
Date: Sun, 17 Dec 2023 13:15:55 +0200
Subject: [PATCH] gstreamer: memory: Simplify and correct offset/size calculations in `mem_share()`
This is all supposed to do unsigned wrapping arithmetic to calculate the new offsets and sizes, despite input parameters being signed integers.
Part-of:
---
 gstreamer/src/memory_wrapped.rs | 24 +++++++++---------------
 1 file changed, 9 insertions(+), 15 deletions(-)
diff --git a/gstreamer/src/memory_wrapped.rs b/gstreamer/src/memory_wrapped.rs
index 3f3c828a1..a24471ba7 100644
--- a/gstreamer/src/memory_wrapped.rs
+++ b/gstreamer/src/memory_wrapped.rs
@@ -61,24 +61,18 @@ unsafe extern "C" fn mem_share(
 (*mem).mem.parent as *mut WrappedMemory<()>
 };
- // Actually an usize
+ // Offset and size are actually usizes and the API assumes that negative values simply wrap
+ // around, so let's cast to usizes here and do wrapping arithmetic.
+ let offset = offset as usize;
 let mut size = size as usize;
+
+ let new_offset = (*mem).mem.offset.wrapping_add(offset);
+ debug_assert!(new_offset < (*mem).mem.maxsize);
+
 if size == usize::MAX {
- if offset < 0 {
- size = (*mem).mem.size + (-offset as usize);
- } else {
- debug_assert!((*mem).mem.size >= offset as usize);
- size = (*mem).mem.size - offset as usize;
- }
+ size = (*mem).mem.size.wrapping_sub(offset);
 }
-
- let new_offset = if offset < 0 {
- debug_assert!((*mem).mem.offset >= (-offset as usize));
- (*mem).mem.offset - (-offset as usize)
- } else {
- (*mem).mem.offset + offset as usize
- };
-
+ debug_assert!(new_offset <= usize::MAX - size);
 debug_assert!(new_offset + size <= (*mem).mem.maxsize);
 let layout = alloc::Layout::new::>();
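Review bot: The three range checks that follow the new wrapping arithmetic (`debug_assert!(new_offset < (*mem).mem.maxsize)`, `debug_assert!(new_offset <= usize::MAX - size)` and `debug_assert!(new_offset + size <= (*mem).mem.maxsize)`) are compiled out of release builds, so an out-of-range `offset`/`size` reaching this `unsafe extern "C"` callback would yield a shared memory whose offset and size run past the parent's `maxsize`. Because `wrapping_add` and `wrapping_sub` now absorb overflow on purpose, those asserts are the only bound on the result, and an underflow in `(*mem).mem.size.wrapping_sub(offset)` is caught only indirectly by them. Unless every caller is known to validate these arguments (not visible here), enforce the bound unconditionally, e.g. `let end = new_offset.checked_add(size);` followed by `if end.map_or(true, |e| e > (*mem).mem.maxsize) { /* fail the share */ }`. The signature and return path of `mem_share` lie outside the hunk, so the failure value (presumably a null memory pointer) needs confirming against the rest of the function.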