Bug#461519: libmikmod causes app to segfault or abort when loading multiple music files with varying number of channels.

Sat, 19 Jan 2008 00:10:31 -0800 

Package: libmikmod2
Version: 3.1.11-a-6
Severity: important
Tags: patch

There is bug in mikmod that causes an app to segfault or abort when
loading multiple music files with varying number of channels. This is
the same bug that I reported, and fixed, almost a year ago in
SDL-mixer, which until recently used an internal version of a slightly
older libmikmod. Here is the (now archived) bug report:
http://bugs.debian.org/422021

Previously, I believed that the latest version of libmikmod, which
Debian uses, was unaffected by this bug. I had done some preliminary,
non-conclusive tests in this regard. I was wrong. Libmikmod is indeed
affected.

I created and tested a patch for libmikmod, which fixes this bug, and
have included it with this report. Upstream SDL-mixer has incorporated
my patch in their latest svn. Debian SDL-mixer had been using my patch,
but re-broke when they decided to dynamically link against libmikmod
rather than use the SDL-mixer internal version (ironically, at my
suggestion). When you patch libmikmod, Debian and it's derivitaves will
no longer suffer from this bug (hopefully). It appears upstream is once
again being maintained, so hopefully this bug will one day soon be put
down once and for all.
 
-Brandon
--- mplayer.c.old	2008-01-18 23:12:22.000000000 -0800
+++ mplayer.c	2008-01-18 23:51:11.000000000 -0800
@@ -2318,7 +2318,7 @@
 	SAMPLE *s;
 
 	mod->totalchn=mod->realchn=0;
-	for (channel=0;channel<md_sngchn;channel++) {
+	for (channel=0;channel<pf->numchn;channel++) {
 		aout=&mod->voice[channel];
 		i=aout->main.i;
 		s=aout->main.s;
@@ -3086,7 +3086,7 @@
 		pf->patbrk=0;
 		pf->vbtick=pf->sngspd;
 
-		for (t=0;t<md_sngchn;t++) {
+		for (t=0;t<pf->numchn;t++) {
 			Voice_Stop_internal(t);
 			pf->voice[t].main.i=NULL;
 			pf->voice[t].main.s=NULL;
@@ -3111,7 +3111,7 @@
 		pf->patbrk=0;
 		pf->vbtick=pf->sngspd;
 
-		for (t=0;t<md_sngchn;t++) {
+		for (t=0;t<pf->numchn;t++) {
 			Voice_Stop_internal(t);
 			pf->voice[t].main.i=NULL;
 			pf->voice[t].main.s=NULL;
@@ -3138,7 +3138,7 @@
 		pf->sngpos=pos;
 		pf->vbtick=pf->sngspd;
 
-		for (t=0;t<md_sngchn;t++) {
+		for (t=0;t<pf->numchn;t++) {
 			Voice_Stop_internal(t);
 			pf->voice[t].main.i=NULL;
 			pf->voice[t].main.s=NULL;

Reply via email to