[Bug 19124] New: The Westerner: dsound heap overflow prevented by warn+heap

[wine-bugs at winehq.org]

http://bugs.winehq.org/show_bug.cgi?id=19124

           Summary: The Westerner: dsound heap overflow prevented by
                    warn+heap
           Product: Wine
           Version: 1.1.24
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: directx-dsound
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: hoehle at users.sourceforge.net


Created an attachment (id=22087)
 --> (http://bugs.winehq.org/attachment.cgi?id=22087)
short backtrace

The Westerner crashes without WINEDEBUG=warn+heap in DSOUND_bufpos_to_mixpos()
100         DWORD ret = pos * 32 / device->pwfx->wBitsPerSample;

So either the application or dsound is guilty of heap corruption / producing
broken data.

With the memory fence installed by using WINEDEBUG=warn+heap, the application
seems to work "normally", except 2 lines are repeated very often and always in
pair:
err:dsound:DSOUND_MixInBuffer length not a multiple of block size, len = 5120,
block size = 64626
warn:heap:allocate_large_block Could not allocate block for fc720000 bytes

I tried out ALSA, emulation, 22050Hz 8bit, or default full HW (and also OSS
IIRC). No difference.
Note that in my test data from 2009-06-14, I required a native quartz.dll, but
one also gets this crash with pure Wine components, before quartz gets used.

Using Ubuntu 8.10 on Intel/SigmalTel/AC'97 audio HW.

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.