You guys should probably just remove the SGI modules, the code looks
like it hasn't been touched in some time and hasn't gone through the
same security checks as other pieces of code. Sorry I have no
repro's/pocs, I don't have an irix box either though ;]
integer overflow/misallocation occurs at 1071, write to bad memory at 1076
1042 alp_readsamps(alpobject *self, PyObject *args)
1043 {
1044 long count;
1045 PyObject *v;
1046 ALconfig c;
1047 int width;
1048 int ret;
1049
1050 if (!PyArg_ParseTuple(args, "l:readsamps", &count))
1051 return NULL;
1052
1053 if (count <= 0) {
1054 PyErr_SetString(ErrorObject, "al.readsamps : arg <=
0");
1055 return NULL;
1056 }
1057
1058 c = ALgetconfig(self->port);
1059 #ifdef AL_405
1060 width = ALgetsampfmt(c);
1061 if (width == AL_SAMPFMT_FLOAT)
1062 width = sizeof(float);
1063 else if (width == AL_SAMPFMT_DOUBLE)
1064 width = sizeof(double);
1065 else
1066 width = ALgetwidth(c);
1067 #else
1068 width = ALgetwidth(c);
1069 #endif /* AL_405 */
1070 ALfreeconfig(c);
1071 v = PyString_FromStringAndSize((char *)NULL, width * count);
1072 if (v == NULL)
1073 return NULL;
1074
1075 Py_BEGIN_ALLOW_THREADS
1076 ret = ALreadsamps(self->port, (void *)
PyString_AsString(v), count);
1077 Py_END_ALLOW_THREADS
1078 if (ret == -1) {
1079 Py_DECREF(v);
1080 return NULL;
1081 }
1082
1083 return (v);
1084 }
|