From 512c27d27770f6d27b8e10ac606302d784919c35 Mon Sep 17 00:00:00 2001
From: Robin Gareus <robin@gareus.org>
Date: Thu, 21 Nov 2019 23:37:31 +0100
Subject: [PATCH] Fix buffer-overflow when vari-speeding

Session::process() can call split-cycle which offset the
buffer pointers. When vari-speeding at speed > 1.0, the
engine also splits the cycle every n_samples, to not exceed
the configured buffersize. This needs to take prior buffer
offsets into account.
---
 libs/ardour/audioengine.cc | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/libs/ardour/audioengine.cc b/libs/ardour/audioengine.cc
index a491c9cc35..28666cd9db 100644
--- a/libs/ardour/audioengine.cc
+++ b/libs/ardour/audioengine.cc
@@ -447,11 +447,18 @@ AudioEngine::process_callback (pframes_t nframes)
 		} else {
 			pframes_t remain = Port::cycle_nframes ();
 			while (remain > 0) {
+				/* keep track of split_cycle() calls by Session::process */
+				samplecnt_t poff = Port::port_offset ();
 				pframes_t nf = std::min (remain, nframes);
 				_session->process (nf);
 				remain -= nf;
 				if (remain > 0) {
-					split_cycle (nf);
+					/* calculate split-cycle offset */
+					samplecnt_t delta = Port::port_offset () - poff;
+					assert (delta >= 0 && delta <= nf);
+					if (nf > delta) {
+						split_cycle (nf - delta);
+					}
 				}
 			}
 		}