[pulseaudio-discuss] [PATCH v1] bluetooth: Fix potential assertion failure due to unaligned packet size

[Mikel Astiz]

From: Mikel Astiz <mikel.astiz at bmw-carit.de>

While reading from the SCO socket, there is no guarantee regarding the
resulting packet size. In some rare cases, it might not even match the
alignment expected in pa_source_post(), resulting in an assertion
failure inside pa_volume_memchunk():

I: [alsa-sink] module-loopback.c: Could not peek into queue
I: [alsa-sink] module-loopback.c: Could not peek into queue
I: [alsa-sink] module-loopback.c: Could not peek into queue
E: [bluetooth] sample-util.c: Assertion 'pa_frame_aligned(c->length, spec)' failed at pulsecore/sample-util.c:725, function pa_volume_memchunk(). Aborting.

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffda98f700 (LWP 8058)]
0x00007ffff6177935 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install alsa-lib-1.0.26-1.fc17.x86_64 dbus-libs-1.4.10-7.fc17.x86_64 flac-1.2.1-9.fc17.x86_64 glibc-2.15-58.fc17.x86_64 gsm-1.0.13-6.fc17.x86_64 json-c-0.10-2.fc17.x86_64 libICE-1.0.8-1.fc17.x86_64 libSM-1.2.1-1.fc17.x86_64 libX11-1.5.0-2.fc17.x86_64 libXau-1.0.6-3.fc17.x86_64 libXext-1.3.1-1.fc17.x86_64 libXi-1.6.1-1.fc17.x86_64 libXtst-1.2.0-3.fc17.x86_64 libogg-1.3.0-1.fc17.x86_64 libsndfile-1.0.25-2.fc17.x86_64 libtool-ltdl-2.4.2-3.1.fc17.x86_64 libudev-182-3.fc17.x86_64 libuuid-2.21.2-3.fc17.x86_64 libvorbis-1.3.3-1.fc17.x86_64 libxcb-1.9-1.fc17.x86_64 speex-1.2-0.14.rc1.fc17.x86_64
---
v1: Do not round down the packet size but instead just drop it entirely. Besides, improve comment with information about why this scenario could ever hold true.

 src/modules/bluetooth/module-bluetooth-device.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/modules/bluetooth/module-bluetooth-device.c b/src/modules/bluetooth/module-bluetooth-device.c
index 9e4a8f9..33b2afa 100644
--- a/src/modules/bluetooth/module-bluetooth-device.c
+++ b/src/modules/bluetooth/module-bluetooth-device.c
@@ -667,6 +667,17 @@ static int hsp_process_push(struct userdata *u) {
 
         pa_assert((size_t) l <= pa_memblock_get_length(memchunk.memblock));
 
+        /* In some rare occasions, we might receive packets of a very strange
+         * size. This could potentially be possible if the SCO packet was
+         * received partially over-the-air, or more probably due to hardware
+         * issues in our Bluetooth adapter. In these cases, in order to avoid
+         * an assertion failure due to unaligned data, just discard the whole
+         * packet */
+        if (!pa_frame_aligned(l, &u->sample_spec)) {
+            pa_log_warn("SCO packet received of unaligned size: %zu", l);
+            break;
+        }
+
         memchunk.length = (size_t) l;
         u->read_index += (uint64_t) l;
 
-- 
1.7.11.7