Fixed bug 1014 - SDL_ConvertAudio crashes

The patch Mark attached looks good and valgrind gives it a clean bill of health: Mark.Howson@ntu.ac.uk 2010-12-15 07:45:25 PST Reproducible here under Windows and Linux. Looking at the code for SDL_Upsample_S16LSB_2c: const int dstsize = (int) (((double)cvt->len_cvt) * cvt->rate_incr); Sint16 *dst = ((Sint16 *) (cvt->buf + dstsize)) - 2; const Sint16 *target = ((const Sint16 *) cvt->buf) - 2; while (dst > target) { dst[1] = ((Sint16) SDL_SwapLE16(sample1)); dst[0] = ((Sint16) SDL_SwapLE16(sample0)); dst -= 2; ... if dstsize is odd (and therefore dst), it'll write to target[1] which is one byte before the allocated buf. The attached patch to sdlgenaudiocvt.pl changes dst > target to dst >= target, and removes the - $channels for the upsample case. The patch is not fully tested, but seems to work here.

Fixed bug 1014 - SDL_ConvertAudio crashes
The patch Mark attached looks good and valgrind gives it a clean bill of health: Mark.Howson@ntu.ac.uk 2010-12-15 07:45:25 PST Reproducible here under Windows and Linux. Looking at the code for SDL_Upsample_S16LSB_2c: const int dstsize = (int) (((double)cvt->len_cvt) * cvt->rate_incr); Sint16 *dst = ((Sint16 *) (cvt->buf + dstsize)) - 2; const Sint16 *target = ((const Sint16 *) cvt->buf) - 2; while (dst > target) { dst[1] = ((Sint16) SDL_SwapLE16(sample1)); dst[0] = ((Sint16) SDL_SwapLE16(sample0)); dst -= 2; ... if dstsize is odd (and therefore dst), it'll write to target[1] which is one byte before the allocated buf. The attached patch to sdlgenaudiocvt.pl changes dst > target to dst >= target, and removes the - $channels for the upsample case. The patch is not fully tested, but seems to work here.
a9bcdb83 · Sam Lantinga · 6ebbe99d · a9bcdb83 · a9bcdb83
Commit a9bcdb83 authored Jan 08, 2012 by Sam Lantinga
Show whitespace changes
Inline Side-by-side

Showing with 304 additions and 304 deletions

SDL_audiotypecvt.c src/audio/SDL_audiotypecvt.c +300 -300

sdlgenaudiocvt.pl src/audio/sdlgenaudiocvt.pl +4 -4

No files found.
--- a/src/audio/SDL_audiotypecvt.c
+++ b/src/audio/SDL_audiotypecvt.c
--- a/src/audio/sdlgenaudiocvt.pl
+++ b/src/audio/sdlgenaudiocvt.pl
@@ -404,11 +404,11 @@ EOF
    # Upsampling (growing the buffer) needs to work backwards, since we
    #  overwrite the buffer as we go.
    if ($upsample) {
-        $endcomparison = '>';  # dst > target
+        $endcomparison = '>=';  # dst > target
        print <<EOF;
    $fctype *dst = (($fctype *) (cvt->buf + dstsize)) - $channels;
    const $fctype *src = (($fctype *) (cvt->buf + cvt->len_cvt)) - $channels;
-    const $fctype *target = ((const $fctype *) cvt->buf) - $channels;
+    const $fctype *target = ((const $fctype *) cvt->buf);
 EOF
    } else {
        $endcomparison = '<';  # dst < target
@@ -544,11 +544,11 @@ EOF
    # Upsampling (growing the buffer) needs to work backwards, since we
    #  overwrite the buffer as we go.
    if ($upsample) {
-        $endcomparison = '>';  # dst > target
+        $endcomparison = '>=';  # dst > target
        print <<EOF;
    $fctype *dst = (($fctype *) (cvt->buf + dstsize)) - $channels;
    const $fctype *src = (($fctype *) (cvt->buf + cvt->len_cvt)) - $channels;
-    const $fctype *target = ((const $fctype *) cvt->buf) - $channels;
+    const $fctype *target = ((const $fctype *) cvt->buf);
 EOF
    } else {
        $endcomparison = '<';  # dst < target