| Summary: | SDL_ConvertAudio crashes | ||
|---|---|---|---|
| Product: | SDL | Reporter: | Mārtiņš Možeiko <mm.5p4mbox> |
| Component: | audio | Assignee: | Ryan C. Gordon <icculus> |
| Status: | RESOLVED FIXED | QA Contact: | Sam Lantinga <slouken> |
| Severity: | critical | ||
| Priority: | P2 | ||
| Version: | HG 2.0 | ||
| Hardware: | x86 | ||
| OS: | Windows 7 | ||
| Attachments: |
Reproducing crash
patch for sdlgenaudiocvt.pl |
||
|
Description
Mārtiņš Možeiko
2010-07-01 02:09:21 UTC
Created attachment 513 [details]
Reproducing crash
Created attachment 549 [details]
patch for sdlgenaudiocvt.pl
Reproducible here under Windows and Linux. Looking at the code for SDL_Upsample_S16LSB_2c:
const int dstsize = (int) (((double)cvt->len_cvt) * cvt->rate_incr);
Sint16 *dst = ((Sint16 *) (cvt->buf + dstsize)) - 2;
const Sint16 *target = ((const Sint16 *) cvt->buf) - 2;
while (dst > target) {
dst[1] = ((Sint16) SDL_SwapLE16(sample1));
dst[0] = ((Sint16) SDL_SwapLE16(sample0));
dst -= 2;
...
if dstsize is odd (and therefore dst), it'll write to target[1] which is one byte before the allocated buf.
The attached patch to sdlgenaudiocvt.pl changes dst > target to dst >= target, and removes the - $channels for the upsample case. The patch is not fully tested, but seems to work here.
Looks good, thanks! http://hg.libsdl.org/SDL/rev/ba275696ab7a |