We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 911 - array overflows in SDL_audiotypecvt.c
Summary: array overflows in SDL_audiotypecvt.c
Status: RESOLVED FIXED
Alias: None
Product: SDL
Classification: Unclassified
Component: audio (show other bugs)
Version: HG 2.0
Hardware: Other Linux
: P2 critical
Assignee: Ryan C. Gordon
QA Contact: Sam Lantinga
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-12-18 09:10 UTC by Terry Welsh
Modified: 2009-12-28 00:31 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Terry Welsh 2009-12-18 09:10:40 UTC 
All of the oversampling and undersampling functions in SDL_audiotypecvt.c contain the line:

while (dst != target) {

Some or all of these functions are prone to array overflows because sometimes dst will be increased or decreased by an amount that skips over target.  Changing != to < or > depending on whether dst is being increased or decreased corrects the problem.

One way to aggravate this problem is to call Mix_OpenAudio with a frequency of 44.1kHz and then try to load a 48000kHz sound.

This solution might leave some bytes at the end of arrays that have not been written to.  If this is a problem, perhaps more careful sizing of the arrays is necessary.
Comment 1 Sam Lantinga 2009-12-24 11:20:53 UTC 
Ryan is currently working on this.  Ryan, what's your progress so far?
Comment 2 Ryan C. Gordon 2009-12-28 00:31:08 UTC 
Fixed in svn revision #5438. I'm not entirely pleased with the current resampling code, but this fixes the immediate problem.

--ryan.