Bug 3610

Summary: potential buffer overrun in timidity RWgets
Product: SDL_sound
Component: everything
Reporter: Ozkan Sezer <sezeroz>
Assignee: Ryan C. Gordon <icculus>
QA Contact: Ryan C. Gordon <icculus>
Status: RESOLVED FIXED
Severity: normal
Priority: P2
Version: unspecified
Hardware: All
OS: All
Attachments: RWgets() buffer overrun patch

Description Ozkan Sezer 2017-03-20 06:51:19 UTC
Created attachment 2705
RWgets() buffer overrun patch

timidity.c:RWgets() can result in a buffer overrun, because the num_read check
is off-by-one. The attached patch fixes it, and also simplifies the procedure
a bit.
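
The bug class described in this report, shown as an added example that is not part of the original report and is not SDL_sound's code: a gets-style reader whose num_read bound is off by one writes its terminator one byte past the caller's buffer, next to a bounded version. The names mem_src, gets_off_by_one, gets_bounded and guard_clobbered are hypothetical, the input line is constructed, and the fgets-style bound is an assumption about one way to fix it.

```c
#include <stddef.h>
#include <string.h>

/* Constructed in-memory stream standing in for the real input source. */
typedef struct { const char *data; size_t len, pos; } mem_src;

/* Returns 1 and stores one byte, or 0 at end of input. */
static int src_getc(mem_src *s, char *out) {
    if (s->pos >= s->len) return 0;
    *out = s->data[s->pos++];
    return 1;
}

/* BUGGY: the bound lets num_read reach maxlen, so the terminator
 * is written at buf[maxlen], one byte past a maxlen-byte buffer. */
char *gets_off_by_one(mem_src *s, char *buf, size_t maxlen) {
    size_t num_read = 0;
    char c;
    while (num_read < maxlen && src_getc(s, &c)) {
        buf[num_read++] = c;
        if (c == '\n') break;
    }
    buf[num_read] = '\0';
    return num_read ? buf : NULL;
}

/* FIXED: reserve one byte for the terminator, as fgets() does. */
char *gets_bounded(mem_src *s, char *buf, size_t maxlen) {
    size_t num_read = 0;
    char c;
    if (maxlen == 0) return NULL;
    while (num_read < maxlen - 1 && src_getc(s, &c)) {
        buf[num_read++] = c;
        if (c == '\n') break;
    }
    buf[num_read] = '\0';
    return num_read ? buf : NULL;
}

/* Runs a reader on an 8-byte window inside a 9-byte array and reports
 * whether the guard byte just past the window was modified. */
int guard_clobbered(char *(*reader)(mem_src *, char *, size_t)) {
    char storage[9];
    mem_src s = { "0123456789abcdef\n", 17, 0 };  /* constructed long line */
    memset(storage, 0x55, sizeof storage);
    reader(&s, storage, 8);                         /* caller claims 8 bytes */
    return storage[8] != 0x55;
}
```

The overrun only triggers when a line is at least as long as the buffer, so tests for this kind of reader need an input line of maxlen bytes or more.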

Comment 1 Ryan C. Gordon 2017-05-24 16:02:07 UTC
This is now https://hg.icculus.org/icculus/SDL_sound/rev/f0d57c9b72d8 on the dev branch and https://hg.icculus.org/icculus/SDL_sound/rev/0c4026dd3274 on the stable-1.0 branch, thanks!

--ryan.