Commit cc957a6b authored by Kevin Daudt's avatar Kevin Daudt 💻
Browse files

community/sdl_mixer: patch off-by-one error

https://github.com/libsdl-org/SDL_mixer/issues/299
parent 2a840115
......@@ -2,14 +2,16 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=sdl_mixer
pkgver=1.2.12
pkgrel=1
pkgrel=2
pkgdesc="A simple multi-channel audio mixer"
url="http://www.libsdl.org/projects/SDL_mixer/"
arch="all"
license="BSD-3-Clause"
makedepends="sdl-dev libvorbis-dev libmikmod-dev flac-dev linux-headers"
subpackages="$pkgname-dev"
source="https://www.libsdl.org/projects/SDL_mixer/release/SDL_mixer-$pkgver.tar.gz"
source="https://www.libsdl.org/projects/SDL_mixer/release/SDL_mixer-$pkgver.tar.gz
fix-off-by-one-error-in-load-instrument.patch
"
builddir="$srcdir"/SDL_mixer-$pkgver
prepare() {
......@@ -37,4 +39,5 @@ package() {
make DESTDIR="$pkgdir" install
}
sha512sums="230f6c5a73f4bea364f8aa3d75f76694305571dea45f357def742b2b50849b2d896af71e08689981207edc99a9836088bee2d0bd98d92c7f4ca52b12b3d8cf96 SDL_mixer-1.2.12.tar.gz"
sha512sums="230f6c5a73f4bea364f8aa3d75f76694305571dea45f357def742b2b50849b2d896af71e08689981207edc99a9836088bee2d0bd98d92c7f4ca52b12b3d8cf96 SDL_mixer-1.2.12.tar.gz
d92497e21aa1c6c9e1b3a5e64415ee5cb8033826dc05e8cc8f4190201856bd2f77d62c85455547329d2da3a3918b7c4c23756a27dc45d79c6c4af7cc8552830f fix-off-by-one-error-in-load-instrument.patch"
Url: https://github.com/libsdl-org/SDL_mixer/issues/299
From 8367bc3ed276dd46f94e6bdad17034374c1feb5e Mon Sep 17 00:00:00 2001
From: Ozkan Sezer <sezeroz@gmail.com>
Date: Wed, 17 Feb 2021 11:50:10 +0300
Subject: [PATCH] fix off-by-one buffer overflow in load_instrument (github bug
#299)
---
timidity/instrum.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/timidity/instrum.c b/timidity/instrum.c
index 25f6e9a..d8584ae 100644
--- a/timidity/instrum.c
+++ b/timidity/instrum.c
@@ -669,8 +669,8 @@ static InstrumentLayer *load_instrument(const char *name, int font_type, int per
{
goto fail;
}
- sp->data = safe_malloc(sp->data_length + 1);
- lp->size += sp->data_length + 1;
+ sp->data = safe_malloc(sp->data_length + 2);
+ lp->size += sp->data_length + 2;
if (1 != fread(sp->data, sp->data_length, 1, fp))
goto fail;
@@ -822,7 +822,7 @@ static InstrumentLayer *load_instrument(const char *name, int font_type, int per
uint8 *gulp,*ulp;
int16 *swp;
int l=sp->data_length >> FRACTION_BITS;
- gulp=ulp=safe_malloc(l+1);
+ gulp=ulp=safe_malloc(l+2);
swp=(int16 *)sp->data;
while(l--)
*ulp++ = (*swp++ >> 8) & 0xFF;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment