search

Cycling74 / max-sdk

Software Development Kit for Max by Cycling '74
Other
262 stars 57 forks source link

exploit about a buffer~ : a object can manipulate locked buffer~ #31

Closed leico closed 5 years ago

leico commented 5 years ago

Hello C74 Dev team.

In this time, I would like to talk about:

https://github.com/Cycling74/max-sdk/blob/e61bf737b2c6c0ad0680d9964ab0ecfa22b398dd/source/c74support/msp-includes/ext_buffer.h#L118 https://github.com/Cycling74/max-sdk/blob/e61bf737b2c6c0ad0680d9964ab0ecfa22b398dd/source/c74support/msp-includes/ext_buffer.h#L33

buffer_locksamples returned raw pointer. Also t_buffer_info.b_samplesis same. If a object keep this address, object can manipulate buffer~ at any time. Those are sample code. https://gist.github.com/leico/c98e1f23a9e6969bdd550dd32238af71

I have two solutions. First, write more document, above pointer would may handled so carefully. This way would be the fastest. Second, manipulate with t_buffer_ref and checking permission, like

t_max_err buffer_ref_read(t_buffer_ref *buffer_reference, float* data_array, const size_t size);
t_max_err buffer_ref_write(t_buffer_ref * buffer_reference, const float* data_array, const size_t size);
t_max_err buffer_ref_read(t_buffer_ref *buffer_reference, float* data_array, const_size_t size){

  if (buffer_reference == NULL )
    return MAX_ERR_GENERIC;
  if( _accessing_buffer_ref != NULL && _accessing_buffer_ref != buffer_reference )
    return MAX_ERR_GENERIC;

  ......

It is little bit speed down but stable.

Thanks to read.

tap commented 5 years ago

Thanks for the note @leico. It's true that the traditional C API of Max requires all coders to be diligent and good citizens. It is very difficult to change the traditional API because of the potential breakage of code our many values third-parties have written in the past.

One of the goals with the new C++ API that we have in progress is to provide safer interfaces to Max's resources, including buffer~.

If you are interested in checking out this newer approach, take a look at https://github.com/Cycling74/min-devkit

Cheers! Tim

leico commented 5 years ago

Hello @tap , thank you reply.

Yes I am interested in min-devkit, because I like strict C++. Will MaxSDK be replaced min-devkit in the future? If yes, I should to update my externals and I have to join the new wave.

tap commented 5 years ago

The Min-DevKit should be considered an alternative to (not a replacement for) the traditional Max-SDK. There are no plans to abandon the existing SDK and in fact Min is build as a lightweight layer on top of the existing SDK.

Hope this helps!