bug #12349 patch: DSOUND_MixInBuffer Assertion `dsb->buf_mixpos + len <= dsb->tmp_buffer_len' failed

Hoehle, Joerg-Cyril Joerg-Cyril.Hoehle at t-systems.com
Tue May 6 10:07:44 CDT 2008


Hi,

0.9.60 and 0.9.61 were released after I sent my patch to this list so it seems my dsound heap overflow fix was overlooked.

-----Ursprüngliche Nachricht-----
Gesendet: Montag, 14. April 2008 16:55

Ref: http://bugs.winehq.org/show_bug.cgi?id=12349
Maarten Lankhorst asked me to submit my patch to wine-patches, so here it goes.

This patch code is put under the same copyright as wine as of version
0.9.58, c.f. src/git/wine/{LICENSE,COPYING.LIB}

2008-04-03  Jörg Höhle <hoehle at users.sourceforge.net>

	* dlls/dsound/mixer.c:
	dsound: fix heap off by one overflow in DSOUND_MixerVol.

--- dlls/dsound/mixer.c.orig    2008-01-17 10:14:34.000000000 +0100
+++ dlls/dsound/mixer.c         2008-04-03 22:26:33.000000000 +0200
@@ -444,7 +444,7 @@
        case 8:
                /* 8-bit WAV is unsigned, but we need to operate */
                /* on signed data for this to work properly */
-               for (i = 0; i < len; i+=2) {
+               for (i = 0; i < len-1; i+=2) {
                        *(bpc++) = (((*(mem++) - 128) * vLeft) >> 16) + 128;
                        *(bpc++) = (((*(mem++) - 128) * vRight) >> 16) + 128;
                }
@@ -453,7 +453,7 @@
                break;
        case 16:
                /* 16-bit WAV is signed -- much better */
-               for (i = 0; i < len; i += 4) {
+               for (i = 0; i < len-3; i += 4) {
                        *(bps++) = (*(mems++) * vLeft) >> 16;
                        *(bps++) = (*(mems++) * vRight) >> 16;
                }

The diff is against wine 0.9.58. Thank you all for wine.

Regards,
 Jörg Höhle



More information about the wine-patches mailing list