We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 2966 - Memory corruption in read_config_file() function
Summary: Memory corruption in read_config_file() function
Status: RESOLVED FIXED
Alias: None
Product: SDL_mixer
Classification: Unclassified
Component: misc (show other bugs)
Version: unspecified
Hardware: x86 Linux
: P2 critical
Assignee: Sam Lantinga
QA Contact: Sam Lantinga
URL:
Keywords:
: 2315 2872 (view as bug list)
Depends on:
Blocks:
 
Reported: 2015-04-29 09:58 UTC by Nitz
Modified: 2017-10-13 06:14 UTC (History)
1 user (show)

See Also:

Attachments
Patch is attached regarding memory corruption (483 bytes, patch)
2015-04-29 09:58 UTC, Nitz 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Nitz 2015-04-29 09:58:47 UTC 
Created attachment 2141 [details]
Patch is attached regarding memory corruption

#define MAXWORDS 10
In read_config_file() function:

      char tmp[PATH_MAX], *w[MAXWORDS], *cp;

      while (w[words] && (words < MAXWORDS))
      {
        w[++words]=strtok(0," \t\r\n\240");
        if (w[words] && w[words][0]=='#') break;
      }
Overrunning of array w happen at the index of 10.

Patch is attached for solution.

Thanks!!!
Comment 1 Ozkan Sezer 2015-05-03 09:04:50 UTC 
This is a dup of #2872
Comment 2 Sam Lantinga 2015-05-05 05:13:04 UTC 
*** Bug 2872 has been marked as a duplicate of this bug. ***
Comment 3 Sam Lantinga 2015-05-05 05:13:56 UTC 
*** Bug 2315 has been marked as a duplicate of this bug. ***
Comment 4 Sam Lantinga 2017-10-13 06:14:05 UTC 
This is fixed, thanks!