[BOX32] Fix vorbis pcmout/lapout/analysis_buffer pointer conversion #3630
Merged
ptitSeb merged 2 commits into ptitSeb:main from Mar 9, 2026
vorbis_synthesis_pcmout and vorbis_synthesis_lapout write a native float** (8 bytes) into the caller-provided pointer slot, but 32-bit callers only allocate 4 bytes for it. This corrupts adjacent stack memory and causes SIGSEGV when the truncated pointer is dereferenced. Use a static ptr_t[256] buffer to convert the native float** array to 32-bit pointers, and write a 32-bit pointer to that buffer back to the caller. Same fix for vorbis_analysis_buffer which returns float**.
ptitSeb reviewed Mar 9, 2026
Owner
LGTM, will test a bit later
Owner
I tested old WorldOfGoo 32bits linux binary, and it works fine now :)
The box32 wrappers for vorbis_synthesis_pcmout, vorbis_synthesis_lapout, and vorbis_analysis_buffer pass the caller's 32-bit pointer slot directly to the native 64-bit function. The native function writes an 8-byte float** into a 4-byte slot, corrupting adjacent stack memory and causing SIGSEGV in ov_read_filter.

Fix: use a local ptr_t[256] buffer to convert the native float** array to 32-bit pointers, then write a 32-bit pointer back to the caller.

Tested on both ARM64 and PPC64LE with an x86 32-bit test binary (emulated libvorbisfile.so.3 + wrapped libvorbis.so.0) — OGG decoding works correctly with the fix.
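
The slot-width mismatch and the conversion described above, as an added C example (not the PR's code and not box32's API). Assumptions: guest memory is modeled as a small struct with a guest pointer being an offset into it, the conversion table is placed in that guest memory, and `native_pcmout`, `wrap_unsafe`, `wrap_fixed` and `run` are hypothetical names.

```c
#include <stdint.h>
#include <string.h>
typedef uint32_t ptr_t;                       /* 32-bit guest pointer */
#define MAX_CH 256                            /* table size named in the PR */
#define CANARY 0xC0FFEE00u
/* Constructed guest memory, for illustration only. */
static struct {
    struct { ptr_t pcm; uint32_t neighbour; } frame;  /* caller's out slot + next local */
    ptr_t rows32[MAX_CH];                             /* conversion table */
    float ch[2][4];                                   /* two channels of samples */
} guest;
/* Assumption: a guest pointer is modeled as an offset into `guest`. */
static ptr_t to_guest(const void *p) { return (ptr_t)((const uint8_t *)p - (const uint8_t *)&guest); }
static void *from_guest(ptr_t g) { return (uint8_t *)&guest + g; }

/* Hypothetical stand-in for the native callee: stores a host-width float**. */
static float *host_rows[2];
static int native_pcmout(void *slot) {
    float **rows = host_rows;
    memcpy(slot, &rows, sizeof rows);         /* 8 bytes on a 64-bit host */
    return 4;                                 /* samples available */
}

/* Before: the caller's 4-byte slot is handed straight to the native function. */
static int wrap_unsafe(ptr_t slot_g) { return native_pcmout(from_guest(slot_g)); }

/* After: host-width local, narrow each row pointer, publish a 32-bit table pointer. */
static int wrap_fixed(ptr_t slot_g, int channels) {
    float **rows = NULL;
    if (channels < 0 || channels > MAX_CH) return -1;   /* table bound */
    int n = native_pcmout(&rows);
    for (int i = 0; i < channels; i++) guest.rows32[i] = to_guest(rows[i]);
    *(ptr_t *)from_guest(slot_g) = to_guest(guest.rows32);
    return n;
}

/* Bit 0: the neighbouring local survived. Bit 1: the guest can read a sample. */
static int run(int fixed) {
    guest.frame.neighbour = CANARY; guest.ch[1][2] = 0.5f;
    host_rows[0] = guest.ch[0]; host_rows[1] = guest.ch[1];
    ptr_t slot = to_guest(&guest.frame.pcm);
    if ((fixed ? wrap_fixed(slot, 2) : wrap_unsafe(slot)) != 4) return -1;
    int ok = guest.frame.neighbour == CANARY;
    if (!fixed) return ok;                    /* the truncated pointer is never followed */
    ptr_t *rows = from_guest(guest.frame.pcm);
    float *c1 = from_guest(rows[1]);
    return ok | ((c1[2] == 0.5f) << 1);
}
int main(void) { return run(1) == 3 ? 0 : 1; }
```

On a 64-bit host `run(0)` returns 0 because the upper half of the native pointer lands in `neighbour`; the channel-count bound matters because the table holds only 256 entries.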