Some games repeatedly query for the first track's position during
playback, perhaps as a dual-purpose "CDROM health/heart-beat"
check.
This excessive console output in DEBUG mode tends to add far more
noise than signal, and prevents the maintainer from seeing the
overall flow of the CDROM calls.
Moves to using a member vector to provide a persistent buffer,
instead of repeatedly allocating and deleting memory on every
invocation (during DAE, this can be called hundreds of times
per second, with requsts of up 24 sectors or ~56KB of memory
per call).
The buffer is only resized upward, which avoids 'zig-zag'
re-allocations when switching between raw (2352-byte) and cooked
(2048-byte) sectors.
Only writes as much data was was successfully read into
the DOS program's buffer, avoiding (potential) garbage-fill.
This commit:
- Adds more sanity checks and comments
- Lets the seek() function to take care of monitoring the track's
post-seek decode position, instead of managing it in read(..).
- Adds in-place conversion from mono-to-stereo
- Adds micro-second-level DEBUG timing around the mono converter
- Makes use of the more intuitive ceil_divide() support function
to avoid excessive casting and floating-point conversion.
This commit:
- Comments why we convert from byte-to-time offset.
- Checks for underlying stream validity before seeking.
- Tracks the new as-seeked decode position.
- Skips seeking if it's unecessary.
- Adds DEBUG messaging and a warning if the seek took
longer than that of an average physical CDROM.
The commit refines several types to their logical use-cases.
For example, a CDROM will at-most contain 400,000 sectors and be
less than 1B bytes in size. Likewise, both are 'physical'
quantities and this should always be zero-or-greater
(therefore, uint32_t is used).
Fortunately, there are almost no cases where these values are
overloaded to mean something else (ie: negative return codes to
indicate failure).
Besides eliminating many implicit cast warnings, differing-signed
comparison warnings, and overflowable type-cast warnings, the
more correct use of types helps logically bound expectations of the
values they contain, which should improve maintainability.
Context: The codecs implement a read-write callback function
(RWops) used to read N bytes from the underlying binary stream
into a buffer. In some cases, a codec might only return a
subset of the requested bytes and requires subsequent read()
requests to get the remaining bytes. Internally, the codec
might have to reposition or run second decode sequence to get
the bytes.
The RWops callbacks for the various codecs were inconsistently
implemented: some performed the above mentioned subsequent
re-read attempts while others simply accepted whatever we got
after the first read attempt. This commit makes them the same
by attempting to re-read ("get the requested bytes at all
costs") until the underly stream goes EOF.
Some of these RWops functions also contained a book-keeping
bug from upstream that resulted in over-reading after
under-delivering on the first read attempt. The concequence
being that too much data would be written to the buffer
(writing past its end) and leaving the underlying stream's
file position too-far-forward.
- Cleanup some types where precision is lost.
- Explicitly cast between types (fixes all effc++ warnings)
- Simplify lossy and cast-heavy floating-point coversions with ceil_divide
1. Moves the mutex and mixer channel members to unique pointers
2. Moves the trackFile to a weak pointer
3. Move member initialization to the class definition
This class still retains a raw *cd member, however fixing this
ripples up to the array of [26] CD images, and across more
code that generically deals with mount points; so this work
remains to do.
The Gravis UltraSound emulator generates undistorted stereo output
at playback frequency of 11025 Hz and powers-of-two multiples greater,
such 22050 Hz and 44100 Hz.
At frequencies that are not multiples of 11025 Hz; such as
49716, 48000, 32000, 16000, and 8000 Hz; playback is distorted by
the addition of ringing and stereo separation is lost.
This commit constrains the configurable GUS playback frequencies
to 44100, 22050, and 11025 Hz.
It also corrects the spelling of "UltraSound", which was previously
spelled "Ultrasound".
First parameter to function 'strchr' is marked a nonnull. If null is
passed as args there's no point in looking for flags. This function is
always used in the beginning of all internal macros through HELP macro
to detect /? flag.
Coverity detects possible division by zero in calculation of spkr.min_tr
few lines below; this is a false-positive issue detected by Coverity,
but only bacause int value passed by user has a set of pre-determined
values. We can as well make sure that value is never going to be
smaller than the minimum allowed.
Most MinGW versions work correctly with and without _POSIX_C_SOURCE
or XOPEN macros [1] and don't need any special handling, but some
installations refuse to work correctly.
To be more precise: *some* MinGW installations turn off POSIX support
after turning on -std=c++11 WITHOUT -ansi -Wpedantic, -pedantic-errors
and similar. This behaviour is inconsistent between various Windows
versions and MinGW distributions and manifests itself only when using
GCC (Clang behaves correctly).
[1] https://www.gnu.org/software/libc/manual/html_node/Feature-Test-Macros.html
This buffer overrun could happen if implementer forgets to fill pointer
svga.set_clock, but calls VGA_SetClock with index out of bounds.
Placing assert in here should clear out false positives detected by
Coverity.
Coverity reports a number of buffer overflows here.
The code was written in a way, that effectively made it hard for static
analysis to prove the buffer overflow does not happen, but the code
itself was safe.
Update it to avoid repetition and use snprintf, that guarantees no
buffer overflow will happen, and buffer will always be zero-delimited.
This buffer overflow was easy to trigger by just running:
Z:\> path <very-long-string>
We avoid the problem by using snprintf, which will trim input to
the length passed as second parameter.
Many DOS games open all their files in write-mode regardless if the
game actually intends to write to them or not.
This can result the files' metadata being updated (lossing the
original date-stamp) as well as putting the file at-risk of
corruption if the game crashes with the file open for writing.
Under the existing DOSBox implementation, if a user attempts to
write-protect their data files then DOSBox will quit with an error in
the above scenario.
This commit allows the use of write-protected files (similar to
running a game from CDROM) and indicates which files are being
actively protected against modification.
Typically the only files that need to be left writable are those that
the game actually changes, such as: save-game files, highscore
files, in-game settings, and so on. If these are also protected,
then the game will quit/crash immediately after the protected message
is printed, and thus indicate which file require write-allowance.
This code made silent assumption that first fields in direntry are
exactly 14 bytes - this was fine, except would break as soon as anyone
would touch the struct (or e.g. if a compiler would lack support for
packed structures and inject some padding in there); rewrite the copy
code to follow the same pattern as other fields - now the code will be
fine even if someone will change fields in the direntry struct.
Fixes 2 PVS static analysis issues (buffer underflow on src and dst).
Effect is the same, except packed values are not referenced via pointer
so there's no address-of-packed-member warning, and no need for
unaligned memory access.
