Fedora 24 obsolete weakness #265

Weakness Breakdown


Definition:

An obsolete weakness occurs when someone uses deprecated or obsolete functions when building a system. As a programming language evolves, some functions occasionally become obsolete.

Warning code(s):

This C routine is considered obsolete.

File Name:

Ardour-5.10.0/libs/backends/dummy/dummy_audiobackend.cc

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 obsolete weakness.

 			int opn = 0;
			int opc = _system_midi_out.size();
			for (std::vector<DummyAudioPort*>::const_iterator it = _system_inputs.begin (); it != _system_inputs.end (); ++it, ++opn) {
				DummyMidiPort* op = _system_midi_out[(opn % opc)];
				op->get_buffer(0); // mix-down
				(*it)->midi_to_wavetable (op->const_buffer(), _samples_per_period);
			}
		}

		if (!_freewheel) {
			_dsp_load_calc.set_start_timestamp_us (clock1);
			_dsp_load_calc.set_stop_timestamp_us (_x_get_monotonic_usec());
			_dsp_load = _dsp_load_calc.get_dsp_load_unbound ();

			const int64_t elapsed_time = _dsp_load_calc.elapsed_time_us ();
			const int64_t nominal_time = _dsp_load_calc.get_max_time_us ();
			if (elapsed_time < nominal_time) {
				const int64_t sleepy = _speedup * (nominal_time - elapsed_time);
				Glib::usleep (std::max ((int64_t) 100, sleepy));
			} else {
				Glib::usleep (100); // don't hog cpu
			}
		} else {
			_dsp_load = 1.0f;
			Glib::usleep (100); // don't hog cpu
		}

		/* beginning of next cycle */
		clock1 = _x_get_monotonic_usec();

		bool connections_changed = false;
		bool ports_changed = false;
		if (!pthread_mutex_trylock (&_port_callback_mutex)) {
			if (_port_change_flag) {
				ports_changed = true;
				_port_change_flag = false;
			}
			if (!_port_connection_queue.empty ()) {
				connections_changed = true;
			}
			while (!_port_connection_queue.empty ()) {
				PortConnectData *c = _port_connection_queue.back ();
				manager.connect_callback (c->a, c->b, c->c);
				_port_connection_queue.pop_back ();
				delete c;
			}
			pthread_mutex_unlock (&_port_callback_mutex);
		}
		if (ports_changed) {
			manager.registration_callback(); 
