Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixed bug 2670 - Possible memory overflow in Mix_LoadWAV_RW
Lee Salzman In mixer.c, Mix_LoadWAV_RW, there is the following code: wavecvt.len = chunk->alen & ~(samplesize-1); wavecvt.buf = (Uint8 *)SDL_calloc(1, wavecvt.len*wavecvt.len_mult); ... SDL_memcpy(wavecvt.buf, chunk->abuf, chunk->alen); That SDL_memcpy should rather be: SDL_memcpy(wavectf.buf, chunk->abuf, wavecvt.len); If you imagine that wavecvt.len_mult was 1 and samplesize was greater than 1 with wavecvt.len < chunk->alen, then it may overwrite.
- Loading branch information