We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 2467

Summary:	bad memcpy in SDL_OpenAudio/open_audio_device/prepare_audiospec chain
Product:	SDL	Reporter:	Rainer Deyke <rainerd>
Component:	audio	Assignee:	Sam Lantinga <slouken>
Status:	RESOLVED FIXED	QA Contact:	Sam Lantinga <slouken>
Severity:	normal
Priority:	P2
Version:	HG 2.0
Hardware:	All
OS:	All
Attachments:	Fix to 'SDL_OpenAudio', as described in bug description.

Description Rainer Deyke 2014-03-27 12:57:18 UTC

Created attachment 1599 [details]
Fix to 'SDL_OpenAudio', as described in bug description.

If 'SDL_OpenAudio' is called with 'obtained == NULL', 'prepare_audiospec' performs a bad 'memcpy' with the destination and source pointing to the same block of memory.  The problem appears to be on in 'SDL_OpenAudio', which calls open_audio_device with 'obtained = desired' when 'obtained == NULL'.  'open_audio_device' cannot deal with 'desired' and 'obtained' pointing to the same block of memory but can deal with 'obtained == NULL', so my proposed fix is to simply remove the special handling of 'obtained == NULL' from 'SDL_OpenAudio'.

Comment 1 Sam Lantinga 2014-06-24 08:41:30 UTC

Fixed, thanks!
https://hg.libsdl.org/SDL/rev/c9be8299ba6b

We are currently migrating Bugzilla to GitHub issues.Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 2467

We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.