[Bug 27393] mmdevapi uninitialised memory access and crash past rendering

wine-bugs at winehq.org
Fri Jun 17 01:55:26 CDT 2011


http://bugs.winehq.org/show_bug.cgi?id=27393

--- Comment #2 from Jörg Höhle <hoehle at users.sourceforge.net> 2011-06-17 01:55:25 CDT ---
One major bug in winealsa is that AudioRenderClient_ReleaseBuffer uses
lcl_offs_frames to compute the buffer pointer supplied at GetBuffer time to the
application.
This is wrong because it is independently updated by the timer callback.  As a
result of using a wrong buffer position, memset writes past the buffer's end,
which is exactly what Wine detects:
001f:err:heap:HEAP_ValidateInUseArena Heap 0x110000: block 0x4cca60 tail overwritten at 0x4fb860 (byte 0/8 == 0x00)

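Added example (not part of the original comment and not Wine's code): a simplified C model of the pattern described above, where the release path recomputes the buffer start from lcl_offs_frames after the timer callback has moved it, next to the variant that remembers the offset handed out at GetBuffer time. Every name other than lcl_offs_frames, and the buffer sizes, are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model, not Wine's code. Only lcl_offs_frames is a name from
 * the bug comment; every other identifier here is hypothetical. */
#define BUF_FRAMES 8u
#define FRAME_SIZE 4u

struct stream {
    unsigned char local_buffer[BUF_FRAMES * FRAME_SIZE];
    size_t lcl_offs_frames;  /* play position, advanced by the timer */
    size_t getbuf_offs;      /* offset handed out by get_buffer (the fix) */
};

/* Hand out a region that fits before the buffer end; remember its start. */
static unsigned char *get_buffer(struct stream *s, size_t frames)
{
    if (s->lcl_offs_frames + frames > BUF_FRAMES)
        return NULL;  /* wrap-around handling left out of this model */
    s->getbuf_offs = s->lcl_offs_frames;
    return s->local_buffer + s->getbuf_offs * FRAME_SIZE;
}

/* Timer callback: consumes frames independently of the application. */
static void timer_tick(struct stream *s, size_t played)
{
    s->lcl_offs_frames = (s->lcl_offs_frames + played) % BUF_FRAMES;
}

/* Byte offset one past the region a release-time memset would clear.
 * use_saved == 0 recomputes the start from lcl_offs_frames (the pattern
 * the comment describes); use_saved == 1 uses the offset from get_buffer. */
static size_t release_end(struct stream *s, size_t frames, int use_saved)
{
    size_t start = use_saved ? s->getbuf_offs : s->lcl_offs_frames;
    size_t end = (start + frames) * FRAME_SIZE;
    if (end <= sizeof(s->local_buffer))  /* model only writes when in bounds */
        memset(s->local_buffer + start * FRAME_SIZE, 0, frames * FRAME_SIZE);
    return end;
}

/* GetBuffer, a timer tick, then ReleaseBuffer; returns the end offset. */
static size_t scenario(int use_saved)
{
    struct stream s = { {0}, 2, 0 };
    if (!get_buffer(&s, 6)) return 0;  /* frames 2..7: fits exactly */
    timer_tick(&s, 3);                 /* timer moves lcl_offs_frames to 5 */
    return release_end(&s, 6, use_saved);
}
```

With the recomputed start the cleared region would end 12 bytes past the 32-byte buffer; with the saved start it ends exactly at the buffer's end.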