b73407e791
There is a an out-of-bounds access in digi_mixer_start_sound() when soundnum is < 0. The bounds check I added here is already present in digi_audio_start_sound(). This bug was triggered on the RPi d2x built when trying to show the briefing screen because briefing_new_screen() tries to play SOUND_BRIEFING_HUM, which digi_xlat_sound() translated to -1 in this situation. The game finally crashed in mixdigi_convert_sound() because GameSounds[-1] happened to contain some non-zero data (on my Linux desktop, that memory seems to be always 0 by accident...). This was also the reason why the pi version tried to allocate lots of memory before it crashed in memcpy(). |
||
|---|---|---|
| .. | ||
| digi.cpp | ||
| digi_audio.cpp | ||
| digi_mixer.cpp | ||
| event.cpp | ||
| gr.cpp | ||
| init.cpp | ||
| jukebox.cpp | ||
| key.cpp | ||
| mouse.cpp | ||
| timer.cpp | ||