From cbafb158b0c168a98fdacbf54c8a483e255ab3ba Mon Sep 17 00:00:00 2001 From: Sam Lantinga Date: Tue, 24 Jun 2014 01:38:21 -0700 Subject: [PATCH] Fixed bug 2467 - bad memcpy in SDL_OpenAudio/open_audio_device/prepare_audiospec chain Rainer Deyke If 'SDL_OpenAudio' is called with 'obtained == NULL', 'prepare_audiospec' performs a bad 'memcpy' with the destination and source pointing to the same block of memory. The problem appears to be on in 'SDL_OpenAudio', which calls open_audio_device with 'obtained = desired' when 'obtained == NULL'. 'open_audio_device' cannot deal with 'desired' and 'obtained' pointing to the same block of memory but can deal with 'obtained == NULL' --- src/audio/SDL_audio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/audio/SDL_audio.c b/src/audio/SDL_audio.c index 2de22b280..af8247c29 100644 --- a/src/audio/SDL_audio.c +++ b/src/audio/SDL_audio.c @@ -1094,7 +1094,7 @@ SDL_OpenAudio(SDL_AudioSpec * desired, SDL_AudioSpec * obtained) id = open_audio_device(NULL, 0, desired, obtained, SDL_AUDIO_ALLOW_ANY_CHANGE, 1); } else { - id = open_audio_device(NULL, 0, desired, desired, 0, 1); + id = open_audio_device(NULL, 0, desired, NULL, 0, 1); } SDL_assert((id == 0) || (id == 1));