We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 2604

Summary: Double free in LoadWAVStream function
Product: SDL_mixer Reporter: Nitz <nitin.j4>
Component: miscAssignee: Sam Lantinga <slouken>
Status: RESOLVED FIXED QA Contact: Sam Lantinga <slouken>
Severity: critical    
Priority: P2    
Version: 2.0.0   
Hardware: x86   
OS: Linux   
Attachments: Patch for double free issue in LoadWAVStream

Description Nitz 2014-06-25 06:09:14 UTC 
Created attachment 1709 [details]
Patch for double free issue in LoadWAVStream

In 
static SDL_RWops *LoadWAVStream (SDL_RWops *src, SDL_AudioSpec *spec,
                    long *start, long *stop)
{ 

/* Decode the audio data format */
    format = (WaveFMT *)chunk.data; //  Now both point to the same storage.
    if ( chunk.magic != FMT ) {
        SDL_free(chunk.data);  // frees chunk.data
        Mix_SetError("Complex WAVE files not supported");
        was_error = 1;
        goto done;
    }



done:
    if ( format != NULL ) {
        SDL_free(format); // frees pointer format which has already been freed.
    }
    if ( was_error ) {
        return NULL;
    }
    return(src);
}

Patch is attached for solution.

Cheers!!!

/Nitz
Comment 1 Sam Lantinga 2014-06-25 07:49:44 UTC 
Fixed, thanks!
https://hg.libsdl.org/SDL_mixer/rev/dd498db4e82e