| Summary: | array overflows in SDL_audiotypecvt.c | ||
|---|---|---|---|
| Product: | SDL | Reporter: | Terry Welsh <mogumbo> |
| Component: | audio | Assignee: | Ryan C. Gordon <icculus> |
| Status: | RESOLVED FIXED | QA Contact: | Sam Lantinga <slouken> |
| Severity: | critical | ||
| Priority: | P2 | ||
| Version: | HG 2.0 | ||
| Hardware: | Other | ||
| OS: | Linux | ||
Ryan is currently working on this. Ryan, what's your progress so far? Fixed in svn revision #5438. I'm not entirely pleased with the current resampling code, but this fixes the immediate problem. --ryan. |
All of the oversampling and undersampling functions in SDL_audiotypecvt.c contain the line: while (dst != target) { Some or all of these functions are prone to array overflows because sometimes dst will be increased or decreased by an amount that skips over target. Changing != to < or > depending on whether dst is being increased or decreased corrects the problem. One way to aggravate this problem is to call Mix_OpenAudio with a frequency of 44.1kHz and then try to load a 48000kHz sound. This solution might leave some bytes at the end of arrays that have not been written to. If this is a problem, perhaps more careful sizing of the arrays is necessary.