Commit cbafb158b0c168a98fdacbf54c8a483e255ab3ba
2014-06-24T01:38:21
Fixed bug 2467 - bad memcpy in SDL_OpenAudio/open_audio_device/prepare_audiospec chain Rainer Deyke If 'SDL_OpenAudio' is called with 'obtained == NULL', 'prepare_audiospec' performs a bad 'memcpy' with the destination and source pointing to the same block of memory. The problem appears to be on in 'SDL_OpenAudio', which calls open_audio_device with 'obtained = desired' when 'obtained == NULL'. 'open_audio_device' cannot deal with 'desired' and 'obtained' pointing to the same block of memory but can deal with 'obtained == NULL'
diff --git a/src/audio/SDL_audio.c b/src/audio/SDL_audio.c
index 2de22b2..af8247c 100644
--- a/src/audio/SDL_audio.c
+++ b/src/audio/SDL_audio.c
@@ -1094,7 +1094,7 @@ SDL_OpenAudio(SDL_AudioSpec * desired, SDL_AudioSpec * obtained)
id = open_audio_device(NULL, 0, desired, obtained,
SDL_AUDIO_ALLOW_ANY_CHANGE, 1);
} else {
- id = open_audio_device(NULL, 0, desired, desired, 0, 1);
+ id = open_audio_device(NULL, 0, desired, NULL, 0, 1);
}
SDL_assert((id == 0) || (id == 1));