Tracker: Bugs
5
integer overflow causing to write out of array bounds in al_ - ID: 2890940
Last Update: Comment added ( dogguts )
the function hash_sound (in src/aldrv/al_listen.cpp:31) takes a (signed)
int as argument, however when called it is passed an ALuint
(OurSound::buffer, src/aldrv/al_globals.h)
This causes an integer overflow, resulting in a negative 'hash', resulting
in an out of bound read or write of playingbuffers.
gdb output attached
Nobody/Anonymous
Crashes
SVN
Public
Comment ( 1 )
|
Date: 2009-11-02 21:23 >This causes an integer overflow, resulting in a negative 'hash', |
Log in to comment.
Attached Files ( 2 )
| Filename | Description | Download |
|---|---|---|
| 2890940.diff | +int hash_sound (const uint buffer) { | Download |
| hash_sound_segv.txt | gdb output including backtrace and variable values | Download |
Changes ( 2 )
| Field | Old Value | Date | By |
|---|---|---|---|
| File Added | 349256: 2890940.diff | 2009-11-02 21:22 | dogguts |
| File Added | 349254: hash_sound_segv.txt | 2009-11-02 21:19 | dogguts |
