From afe80742a5d39c3d7fb9fc3e104bd6d18bf28da9 Mon Sep 17 00:00:00 2001
From: Aidan MacDonald
Date: Thu, 8 Apr 2021 10:03:28 +0100
Subject: [PATCH] Fix Pictureflow bugs
It turns out that aa_cache.buf, used to store decoded album art during background scanning, was not correctly allocated and overlapped with memory allocated for buflib. This was what caused all the segfaults. Also fixed a logic error in read_pfraw(), which returns a buflib handle on success, but also returned 0 on failure -- since 0 is a valid buflib handle, it should return -1 on failure instead.
Change-Id: Ifaa1c02ec19b0859e43c40c0462ed7738d07fec3
---
 apps/plugins/pictureflow/pictureflow.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/apps/plugins/pictureflow/pictureflow.c b/apps/plugins/pictureflow/pictureflow.c
index 5f700aac83..42930f0ff6 100644
--- a/apps/plugins/pictureflow/pictureflow.c
+++ b/apps/plugins/pictureflow/pictureflow.c
@@ -2311,7 +2311,7 @@ static int read_pfraw(char* filename, int prio)
 if (hid < 0) {
 rb->close( fh );
- return 0;
+ return -1;
 }
 rb->yield(); /* allow audio to play when fast scrolling */
@@ -2347,7 +2347,7 @@ static inline bool load_and_prepare_surface(const int slide_index,
 hash_album, hash_artist);
 int hid = read_pfraw(pfraw_file, prio);
- if (!hid)
+ if (hid < 0)
 return false;
 pf_sldcache.cache[cache_index].hid = hid;
@@ -3589,9 +3589,10 @@ static int pictureflow_main(void)
 pf_idx.buf_sz -= aa_bufsz;
 ALIGN_BUFFER(pf_idx.buf, pf_idx.buf_sz, 4);
- aa_cache.buf = (char*) pf_idx.buf + aa_bufsz;
+ aa_cache.buf = (char*) pf_idx.buf;
 aa_cache.buf_sz = aa_bufsz;
- ALIGN_BUFFER(aa_cache.buf, aa_cache.buf_sz, 4);
+ pf_idx.buf += aa_bufsz;
+ ALIGN_BUFFER(pf_idx.buf, pf_idx.buf_sz, 4);
 if (!create_empty_slide(pf_cfg.cache_version != CACHE_VERSION)) {
 config_save(CACHE_REBUILD);
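Review bot: Only the allocation-failure return in read_pfraw is switched to -1 in this hunk; the function's other exits lie outside it, and any that still return 0 on error would now be accepted as a valid handle by the `hid < 0` checks added in load_and_prepare_surface and pictureflow_main. It is worth confirming that every error path returns a negative value and that no other code treats a stored `hid` of 0 as "no slide". The contract should be written down above the function, for example `/* Returns a buflib handle (>= 0) on success, -1 on failure. */`.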
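Review bot: Nothing visible in the pictureflow_main hunk checks that `pf_idx.buf_sz` exceeds `aa_bufsz` before `pf_idx.buf_sz -= aa_bufsz;`, so if the size field is unsigned and the plugin buffer is small, the subtraction would wrap and the later `rb->buflib_init(&buf_ctx, (void *)pf_idx.buf, pf_idx.buf_sz)` would be handed a length far beyond the real allocation. The function starts well above the hunk, so a guard may already exist there; if it does not, add `if (pf_idx.buf_sz <= aa_bufsz) { error_wait("Not enough memory"); return PLUGIN_ERROR; }` ahead of the subtraction. The new `pf_idx.buf += aa_bufsz;` also depends on byte-granular arithmetic for whatever type `pf_idx.buf` has (the neighbouring `(char*)` cast suggests it is not `char *`), so confirm it advances by bytes rather than elements. A comment such as `/* aa_cache takes the front of the buffer; buflib gets the remainder */` would record the layout this fix relies on.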
@@ -3613,7 +3614,7 @@ static int pictureflow_main(void)
 rb->buflib_init(&buf_ctx, (void *)pf_idx.buf, pf_idx.buf_sz);
- if (!(empty_slide_hid = read_pfraw(EMPTY_SLIDE, 0)))
+ if ((empty_slide_hid = read_pfraw(EMPTY_SLIDE, 0)) < 0)
 {
 error_wait("Unable to load empty slide image");
 return PLUGIN_ERROR;