Bug#679826: zsnes: segfaults on start in testing i386
Ron
ron at debian.org
Mon Jul 2 23:13:01 UTC 2012
On Mon, Jul 02, 2012 at 11:35:54AM +0200, Fabian Greffrath wrote:
> Am 02.07.2012 11:15, schrieb Fabian Greffrath:
> >_open_device(). I haven't digged through libao sources that much, but
> >I believe a more robust check in _sanitize_matrix() (which is where
> >the crash actually occurs) may be appropriate.
>
> The critical part is _sanitize_matrix() calling "char *ret =
> calloc(strlen(matrix)+1,1);" in src/audio_out.c line 633, whereas
> "matrix" can (and will) be garbage.
Well, no ... _sanitize_matrix() only gets called if format->matrix is
not NULL. So I don't really see what "more robust" check it could do.
If the caller sets format->matrix to point to an invalid memory location
there isn't really anything more that libao can do to validate that.
They could set it to &main with more or less equivalent results to leaving
it uninitialised, so only the caller is in a position to validate that is
sanely set before they pass it to libao.
More information about the Pkg-games-devel
mailing list