Bug 3610 - potential buffer overrun in timidity RWgets
Status: RESOLVED FIXED
Alias: None
Product: SDL_sound
Classification: Unclassified
Component: everything
Version: unspecified
Hardware: All All
Importance: P2 normal
Assignee: Ryan C. Gordon
QA Contact: Ryan C. Gordon
Reported: 2017-03-20 06:51 UTC by Ozkan Sezer
Modified: 2017-05-24 16:02 UTC

Attachments
RWgets() buffer overrun patch (1.19 KB, patch)
2017-03-20 06:51 UTC, Ozkan Sezer

Description Ozkan Sezer 2017-03-20 06:51:19 UTC
Created attachment 2705
RWgets() buffer overrun patch

timidity.c:RWgets() can result in a buffer overrun, because the num_read check
is off-by-one. The attached patch fixes it, and also simplifies the procedure
a bit.

Comment 1 Ryan C. Gordon 2017-05-24 16:02:07 UTC
This is now https://hg.icculus.org/icculus/SDL_sound/rev/f0d57c9b72d8 on the dev branch and https://hg.icculus.org/icculus/SDL_sound/rev/0c4026dd3274 on the stable-1.0 branch, thanks!

--ryan.
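
The bug class named in the description, shown as an added illustration: this is not SDL_sound's timidity.c code or the attached patch, neither of which appears on this page. The reader functions, the in-memory source and the guard-byte harness are all hypothetical; the guard byte sits inside a larger backing array so the stray write can be observed safely.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed in-memory byte source standing in for a file reader. */
typedef struct { const char *data; size_t len, pos; } src_t;
static int src_getc(src_t *s) {
    return s->pos < s->len ? (unsigned char)s->data[s->pos++] : -1;
}

/* Hypothetical off-by-one: num_read may reach buf_len, so a line of
   buf_len or more characters puts the terminator at buf[buf_len]. */
static size_t gets_off_by_one(src_t *s, char *buf, size_t buf_len) {
    size_t num_read = 0; int c;
    while (num_read < buf_len && (c = src_getc(s)) != -1 && c != '\n')
        buf[num_read++] = (char)c;
    buf[num_read] = '\0';
    return num_read;
}

/* Corrected bound: one byte is always reserved for the terminator. */
static size_t gets_bounded(src_t *s, char *buf, size_t buf_len) {
    size_t num_read = 0; int c;
    if (buf_len == 0) return 0;
    while (num_read < buf_len - 1 && (c = src_getc(s)) != -1 && c != '\n')
        buf[num_read++] = (char)c;
    buf[num_read] = '\0';
    return num_read;
}

/* Gives the reader an 8-byte buffer followed by one guard byte and
   returns 1 if the reader wrote past the 8 bytes it was told about. */
typedef size_t (*reader_fn)(src_t *, char *, size_t);
static int guard_clobbered(reader_fn fn, const char *line) {
    char backing[8 + 1];
    src_t s = { line, strlen(line), 0 };
    memset(backing, 0x7f, sizeof backing);   /* backing[8] is the guard */
    fn(&s, backing, 8);
    return backing[8] != 0x7f;
}

int main(void) {
    printf("off-by-one: %d\n", guard_clobbered(gets_off_by_one, "01234567\n"));
    printf("bounded:    %d\n", guard_clobbered(gets_bounded, "01234567\n"));
    return 0;
}
```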