We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 2966

Summary:	Memory corruption in read_config_file() function
Product:	SDL_mixer	Reporter:	Nitz <nitin.j4>
Component:	misc	Assignee:	Sam Lantinga <slouken>
Status:	RESOLVED FIXED	QA Contact:	Sam Lantinga <slouken>
Severity:	critical
Priority:	P2	CC:	sezeroz
Version:	unspecified
Hardware:	x86
OS:	Linux
Attachments:	Patch is attached regarding memory corruption

Description Nitz 2015-04-29 09:58:47 UTC

Created attachment 2141 [details]
Patch is attached regarding memory corruption

#define MAXWORDS 10
In read_config_file() function:

      char tmp[PATH_MAX], *w[MAXWORDS], *cp;

      while (w[words] && (words < MAXWORDS))
      {
        w[++words]=strtok(0," \t\r\n\240");
        if (w[words] && w[words][0]=='#') break;
      }
Overrunning of array w happen at the index of 10.

Patch is attached for solution.

Thanks!!!

Comment 1 Ozkan Sezer 2015-05-03 09:04:50 UTC

This is a dup of #2872

Comment 2 Sam Lantinga 2015-05-05 05:13:04 UTC

*** Bug 2872 has been marked as a duplicate of this bug. ***

Comment 3 Sam Lantinga 2015-05-05 05:13:56 UTC

*** Bug 2315 has been marked as a duplicate of this bug. ***

Comment 4 Sam Lantinga 2017-10-13 06:14:05 UTC

This is fixed, thanks!

We are currently migrating Bugzilla to GitHub issues.Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 2966

We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.