fix: prevent overflow in buffer size calculations

Author: roderickvd

CHANGELOG.md

@@ -84,13 +84,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **AAudio**: Fix thread lock when a stream is dropped before it fully starts.
 - **AAudio**: Fix capture and playback timestamps falling back to time-zero on error.
 - **AAudio**: Fix capture and playback timestamp not accounting for audio pipeline buffer depth.
-- **AAudio**: Fix signed overflow in `buffer_capacity_in_frames` for large fixed buffer sizes.
+- **AAudio**: Fix overflow in `buffer_capacity_in_frames` for large fixed buffer sizes.
 - **ALSA**: Fix capture stream hanging or spinning on overruns.
 - **ALSA**: Fix non-monotonic `StreamInstant` during stream startup.
 - **ALSA**: Fix spurious timestamp errors during stream startup.
 - **ALSA**: Fix spurious timeout errors during polling.
 - **ALSA**: Fix rare panics when dropping the stream is interrupted.
 - **ALSA**: Fix timestamp overflows on 32-bit platforms.
+- **ALSA**: Fix overflow in `buffer_capacity_in_frames` for large fixed buffer sizes.
 - **ASIO**: Fix enumeration returning only the first device when using `collect()`.
 - **ASIO**: Fix device enumeration and stream creation failing when called from spawned threads.
 - **ASIO**: Fix buffer size not resizing when the driver reports `kAsioBufferSizeChange`.

src/host/alsa/mod.rs

@@ -1459,7 +1459,7 @@ fn set_hw_params_from_format(
     // buffer_size = 2x and period_size = x. This provides consistent low-latency
     // behavior across different ALSA implementations and hardware.
     if let BufferSize::Fixed(buffer_frames) = config.buffer_size {
-        hw_params.set_buffer_size_near((2 * buffer_frames) as alsa::pcm::Frames)?;
+        hw_params.set_buffer_size_near(2 * buffer_frames as alsa::pcm::Frames)?;
         hw_params
             .set_period_size_near(buffer_frames as alsa::pcm::Frames, alsa::ValueOr::Nearest)?;
     }

src/host/pulseaudio/mod.rs

@@ -501,14 +501,17 @@ fn make_playback_buffer_attr(
     match config.buffer_size {
         crate::BufferSize::Default => Default::default(),
         crate::BufferSize::Fixed(frame_count) => {
-            let len = frame_count * config.channels as u32 * format.bytes_per_sample() as u32;
+            let len =
+                (frame_count as u64 * config.channels as u64 * format.bytes_per_sample() as u64)
+                    .min(u32::MAX as u64) as u32;
+            let double_len = (len as u64 * 2).min(u32::MAX as u64) as u32;
             protocol::stream::BufferAttr {
                 // Double-buffer: total buffer = 2 callback periods. With
                 // adjust_latency this becomes the end-to-end latency target,
                 // Minimum request = one callback period, ensuring the server
                 // always asks for exactly frame_count frames per call.
-                max_length: 2 * len,
-                target_length: 2 * len,
+                max_length: double_len,
+                target_length: double_len,
                 minimum_request_length: len,
                 ..Default::default()
             }
@@ -523,7 +526,9 @@ fn make_record_buffer_attr(
     match config.buffer_size {
         crate::BufferSize::Default => Default::default(),
         crate::BufferSize::Fixed(frame_count) => {
-            let len = frame_count * config.channels as u32 * format.bytes_per_sample() as u32;
+            let len =
+                (frame_count as u64 * config.channels as u64 * format.bytes_per_sample() as u64)
+                    .min(u32::MAX as u64) as u32;
             protocol::stream::BufferAttr {
                 // fragment_size controls the delivery chunk size for record
                 // streams; target_length is playback-only and is ignored here.