http://bugs.winehq.org/show_bug.cgi?id=12349
--- Comment #5 from Jörg Höhle hoehle@users.sourceforge.net 2008-04-04 07:33:47 ---
for (i = 1; i < len; i += 2)
for (i = 0; i < len-1; i += 2)
Please pardon my micro-optimizations.
for (i = 0; i < len-2; i += 4) Mixing a single byte doesn't make sense if your shortest unit of data is 2 bytes long so I put len-2 instead of len-3. Nonetheless I have various checks that make sure samples are aligned with the amount of channels.
I had not seen such checks (probably in other functions).
But do you have a check to ensure that len is aligned on the bitpersample size? That's precisely why I used 3 and not 2 even 2 sounds logical in context. Some bogus application could call with len = 3 or 1027 with 1 channel a 16bits. Then the -2 code overflows, while the -3 doesn't. Of course, if you can proove that somewhere up in the call hierarchy, this can never happen, we need not discuss this further.
Can you submit the fixed version to the wine-patches mailing list?
Luckily, http://winehq.org/site/forums says this is an open list, so I'll do.