sink: guard against zero frame size in free-frames #10937
Free-frames divided the free size by the frame size, which is channels times sample size and can be zero when the channel count is zero. Return zero instead of dividing by zero.

Signed-off-by: Liam Girdwood <liam.r.girdwood@linux.intel.com>
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Prevents a divide-by-zero in sink_get_free_frames() when the computed frame size is zero (e.g., host provides channels == 0) by returning 0 frames instead.
Changes:
- Compute frame_bytes once in sink_get_free_frames().
- Add an early return when frame_bytes is zero to avoid division by zero.
- Update comments to document why the guard exists (host-influenced inputs).
tmleman
left a comment
Shouldn't we reject the case where the number of channels is equal to 0?
We should indeed, which makes me think we need some agentic rules that help define what valid/invalid configurations would look like for audio at a high level. i.e. to be consumed by the code generating agent and by the code reviewing agent.
kv2019i
left a comment
Not sure about fixing this here
| /* frame_bytes is channels * sample_size and both are host-influenced; | ||
| * guard against a zero divisor (e.g. channels == 0) | ||
| */ | ||
| if (!frame_bytes) |
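Review bot: at `if (!frame_bytes)`, the guard makes an invalid format (channels == 0, per the comment above it) look the same to the caller as a sink with no free space, because the commit message says the function returns 0 in both cases. Suggest extending the comment to say that a return of 0 also covers the invalid-format case, and pairing the guard with a reject of the zero channel count where the configuration is accepted, so the bad value is reported once rather than silently absorbed on every call.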
This is a hot-path call. Should such checks be made at prepare() stage and not on the hot path?
Agreed in principle. Two notes: the guard reuses the frame_bytes value that's already computed one line above and adds a single (well-predicted) branch, so the hot-path cost is essentially nil — the division it protects is the expensive part. But the root cause is channels_count == 0 from base_cfg reaching the audio_stream, and per my reply to Liam there's no central reject for that today. Options: (a) keep this defensive guard, or (b) reject channels_count == 0 once at module/base_cfg validation (a new central check) and drop this. (b) is the cleaner long-term fix but a broader core change. Happy to do (b) if you'd prefer — which way do you want it?
| /* frame_bytes is channels * sample_size and both are host-influenced; | ||
| * guard against a zero divisor (e.g. channels == 0) | ||
| */ | ||
| if (!frame_bytes) |
We should reject a frame size of 0 bytes before we get to this call, is there a check higher in the stack that validates this?
I checked — there isn't a central one. sink_set_channels() stores whatever value it's given (no validation), and the only channel check in the params path (comp_buffer.c) is a mismatch check (stream channels vs params->channels), not a zero check. So a host base_cfg with channels_count == 0 currently propagates down to the audio_stream unguarded, which is what reaches this divide. There is no existing higher-stack reject.
sink_get_free_frames() divides the free byte count by the frame size, which
is channels * sample_size and can be zero when the channel count is zero
(host-influenced). Return 0 instead of dividing by zero.
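The two options weighed in the thread, the hot-path guard (a) and a one-time reject at configuration (b), side by side as an added example. This is not code from the pull request or from the project: `demo_stream`, `demo_validate_format()`, `demo_free_frames()`, the 8-channel limit and the 4-byte sample limit are all hypothetical names and assumed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a stream's format fields; not the project's structs. */
struct demo_stream {
	uint32_t channels;     /* host-supplied */
	uint32_t sample_bytes; /* derived from the host-supplied format */
	size_t free_bytes;     /* free space in the sink buffer */
};

#define DEMO_MAX_CHANNELS 8u     /* assumed platform limit */
#define DEMO_MAX_SAMPLE_BYTES 4u /* assumed: up to 32-bit samples */

/* Option (b): reject the bad format once, when the configuration is accepted. */
int demo_validate_format(const struct demo_stream *s)
{
	if (s->channels == 0 || s->channels > DEMO_MAX_CHANNELS)
		return -1;
	if (s->sample_bytes == 0 || s->sample_bytes > DEMO_MAX_SAMPLE_BYTES)
		return -1;
	return 0;
}

/* Option (a): defensive guard on the hot path, reusing the computed divisor. */
size_t demo_free_frames(const struct demo_stream *s)
{
	size_t frame_bytes = (size_t)s->channels * s->sample_bytes;

	if (!frame_bytes)
		return 0; /* invalid format: report no space instead of dividing by zero */
	return s->free_bytes / frame_bytes;
}

int main(void)
{
	struct demo_stream ok = { 2, 4, 4096 };  /* constructed sample values */
	struct demo_stream bad = { 0, 4, 4096 }; /* constructed: channels == 0 from the host */

	printf("ok:  valid=%d free_frames=%zu\n",
	       demo_validate_format(&ok), demo_free_frames(&ok));
	printf("bad: valid=%d free_frames=%zu\n",
	       demo_validate_format(&bad), demo_free_frames(&bad));
	return 0;
}
```

With only the guard, the zero-channel stream is reported as having no free frames; with the validation in place it is refused before the free-frames call is ever reached.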