mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-07-25 04:05:40 +03:00
35 lines
1.2 KiB
Diff
35 lines
1.2 KiB
Diff
Url: https://github.com/libsdl-org/SDL_mixer/issues/299
|
|
From 8367bc3ed276dd46f94e6bdad17034374c1feb5e Mon Sep 17 00:00:00 2001
|
|
From: Ozkan Sezer <sezeroz@gmail.com>
|
|
Date: Wed, 17 Feb 2021 11:50:10 +0300
|
|
Subject: [PATCH] fix off-by-one buffer overflow in load_instrument (github bug
|
|
#299)
|
|
|
|
---
|
|
timidity/instrum.c | 6 +++---
|
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/timidity/instrum.c b/timidity/instrum.c
|
|
index 25f6e9a..d8584ae 100644
|
|
--- a/timidity/instrum.c
|
|
+++ b/timidity/instrum.c
|
|
@@ -669,8 +669,8 @@ static InstrumentLayer *load_instrument(const char *name, int font_type, int per
|
|
{
|
|
goto fail;
|
|
}
|
|
- sp->data = safe_malloc(sp->data_length + 1);
|
|
- lp->size += sp->data_length + 1;
|
|
+ sp->data = safe_malloc(sp->data_length + 2);
|
|
+ lp->size += sp->data_length + 2;
|
|
|
|
if (1 != fread(sp->data, sp->data_length, 1, fp))
|
|
goto fail;
|
|
@@ -822,7 +822,7 @@ static InstrumentLayer *load_instrument(const char *name, int font_type, int per
|
|
uint8 *gulp,*ulp;
|
|
int16 *swp;
|
|
int l=sp->data_length >> FRACTION_BITS;
|
|
- gulp=ulp=safe_malloc(l+1);
|
|
+ gulp=ulp=safe_malloc(l+2);
|
|
swp=(int16 *)sp->data;
|
|
while(l--)
|
|
*ulp++ = (*swp++ >> 8) & 0xFF;
|