Hi,

While reviewing the ringbuffer code in rtapi/ring.h, I noticed a buffer overflow bug.

In stream_write:

if (n2) {
	memcpy(&(ring->buf[t->tail + n1]), src + n1, n2);
	rtapi_smp_wmb();
	rtapi_store_u32(&t->tail, (t->tail + n1 + n2) & h->size_mask);
}

The memcpy should be:

memcpy(ring->buf, src + n1, n2);

Also the memory barrier is useless (the atomic store will issue one anyway), but that's another story.