[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1025204: marked as done (bullseye-pu: package speech-dispatcher/0.10.2-2+deb11u2)

Your message dated Sat, 17 Dec 2022 10:57:10 +0000
with message-id <03e9b90cf2f149b9e2835590c9ec0ccb048b744d.camel@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 11.6
has caused the Debian Bug report #1025204,
regarding bullseye-pu: package speech-dispatcher/0.10.2-2+deb11u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1025204: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025204
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu

Hello,

I'd like to have version 0.10.2-2+deb11u2 of speech-dispatcher uploaded
to bullseye.

[ Reason ]
As reported on

https://github.com/espeak-ng/espeak-ng/issues/1554

there is a longstanding buffer overflow issue in espeak-ng. It
appears to users as artifacts in the speech that makes it sometimes
less inteligible. But since they are due to a buffer overflow, the
consequences could actually be way worse, notably since in the context
of a screen reader using espeak-ng as speech synthesis, the data
produced in the buffer comes from e.g. whatever webpage that the user is
browsing, thus potential for security issues.

This is not a regression from oldstable, since the bug has basically
always been there.

[ Impact ]
If it is no included, users will still hear artifacts, and would also
potentially be exposed to security issues due to the buffer overflows.

[ Tests ]
We made manual tests that confirmed that the change fixes the issue.
We also confirmed the buffer overflow in espeak-ng's valgrind/asan CI.

[ Risks ]
The change is very trivial. It makes the speech synthesis processing a
bit more expensive, but that will be very lightweight.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
The patch simply lowers the audio buffer size from 3s to 300ms.

3s was originally chosen so that large chunks of audio are processed
at a time, but this is what is making espeak-ng overflow its synthesis
buffers.

The exact overflows should ideally be fixed in espeak-ng of course, but
apparently this will be very involved, and it is way simpler to just
make speech-dispatcher not request so large buffers. espeak-ng itself
defaults to 60ms, and on Windows NVDA uses 300ms and does not suffer
from buffer overflows. In practice, the overflows that we observed in

https://github.com/espeak-ng/espeak-ng/issues/1554

happens with buffer around 900ms. 300ms seems a fairly safe value while
being not too small so as to process not-so-small chunks of audio at a
time.

Samuel

diff --git a/debian/changelog b/debian/changelog
index 6fea892..b6120a2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+speech-dispatcher (0.10.2-2+deb11u2) bullseye; urgency=medium
+
+  * patches/buffer_size: Reduce espeak buffer size to avoid synth artifacts.
+
+ -- Samuel Thibault <sthibault@debian.org>  Wed, 30 Nov 2022 21:10:17 +0100
+
 speech-dispatcher (0.10.2-2+deb11u1) bullseye; urgency=medium
 
   * patches/generic-set-voice-name: Fix setting voice name for the generic
diff --git a/debian/patches/buffer_size b/debian/patches/buffer_size
new file mode 100644
index 0000000..2b13443
--- /dev/null
+++ b/debian/patches/buffer_size
@@ -0,0 +1,35 @@
+commit be4c3585ead45716b8f49300b50c30fdb6eee266
+Author: Alexander Epaneshnikov <aarnaarn2@gmail.com>
+Date:   Thu Nov 24 01:41:40 2022 +0300
+
+    espeak: set buffer size to 300
+    
+    this fixes #793
+    ref for buffer size: https://github.com/nvaccess/nvda/blob/a6fb2392083b5fa1bae926102135ad452746ad3c/source/synthDrivers/_espeak.py#L338
+
+diff --git a/config/modules/espeak-ng.conf b/config/modules/espeak-ng.conf
+index d02704e9..9677bc99 100644
+--- a/config/modules/espeak-ng.conf
++++ b/config/modules/espeak-ng.conf
+@@ -41,7 +41,7 @@ EspeakMaxRate 449
+ # -- Internal parameters --
+ 
+ # Number of ms of audio returned by the espeak callback function.
+-EspeakAudioChunkSize 3000
++EspeakAudioChunkSize 300
+ 
+ # Maximum number of samples to buffer in playback queue.
+ EspeakAudioQueueMaxSize 441000
+diff --git a/config/modules/espeak.conf b/config/modules/espeak.conf
+index 3abc422b..cbd453b7 100644
+--- a/config/modules/espeak.conf
++++ b/config/modules/espeak.conf
+@@ -41,7 +41,7 @@ EspeakMaxRate 449
+ # -- Internal parameters --
+ 
+ # Number of ms of audio returned by the espeak callback function.
+-EspeakAudioChunkSize 3000
++EspeakAudioChunkSize 300
+ 
+ # Maximum number of samples to buffer in playback queue.
+ EspeakAudioQueueMaxSize 441000
diff --git a/debian/patches/series b/debian/patches/series
index 1f09fb7..5619c8a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ doc-figures
 systemd-debian
 mbrola-paths
 generic-set-voice-name
+buffer_size

--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 11.6

Hi,

Each of the updates referred to in these requests was included in this
morning's 11.6 point release.

Regards,

Adam

--- End Message ---
Reply to: