https://bugs.winehq.org/show_bug.cgi?id=52191
Bug ID: 52191
Summary: Null pointer dereference in MPEG3_StreamConvert
Product: Wine
Version: 6.20
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: l3codeca.acm
Assignee: wine-bugs@winehq.org
Reporter: hendi48@freenet.de
Regression SHA1: 5329da61ac51995f7a690edffbbc57d955566a6d
Distribution: ArchLinux

Wine 6.20 broke certain DX8 games that use DirectSound to do MP3 decoding.
https://github.com/wine-mirror/wine/blob/wine-6.20/dlls/l3codeca.acm/mpegl3....
Here, mpg123_feedseek is called with NULL as the 4th argument (input_offset).
The called function does not check for NULL and faults when attempting to write to it:

    int __cdecl mpg123_feedseek(mpg123_handle *mh, int sampleoff, int whence, int *input_offset)
    {
      int result; // eax
      _off_t largeioff; // [esp+1Ch] [ebp-Ch]

      result = mpg123_feedseek_64(mh, sampleoff, whence, &largeioff);
      if ( result >= 0 )
        *input_offset = largeioff;
      return result;
    }

This is decompiled code from the l3codeca.acm i386 library in Arch Linux's wine-6.20-1 package (the same thing is the case in 6.21, too). What's really really strange is that I just checked the bundled mpg123 source tree that comes with Wine since 6.20, and the function looks very different.
Could this be a compilation screwup where distribution maintainers somehow compile an external variant of mpg123 and not the in-tree version?
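
Added example, not part of the original report and not Wine or mpg123 code: the wrapper shape from the decompilation next to a variant that tolerates a NULL input_offset and, going one step beyond the report, range-checks the 64-bit to int narrowing. fake_handle, off64 and feedseek_64_stub are hypothetical stand-ins for mpg123_handle, _off_t and mpg123_feedseek_64.

```c
#include <stddef.h>
#include <stdint.h>
#include <limits.h>

/* Hypothetical stand-ins (assumptions, not the real mpg123 types). */
typedef int64_t off64;
typedef struct { off64 next_input; } fake_handle;

/* Stub for the 64-bit seek: assumed to always write *input_offset on success. */
static int feedseek_64_stub(fake_handle *mh, int sampleoff, int whence,
                            off64 *input_offset)
{
    (void)whence;
    if (mh == NULL || sampleoff < 0)
        return -1;
    *input_offset = mh->next_input;
    return sampleoff;
}

/* Wrapper shape from the report: stores through input_offset unconditionally. */
int feedseek_unchecked(fake_handle *mh, int sampleoff, int whence, int *input_offset)
{
    off64 largeioff;
    int result = feedseek_64_stub(mh, sampleoff, whence, &largeioff);
    if (result >= 0)
        *input_offset = (int)largeioff;   /* faults if the caller passed NULL */
    return result;
}

/* Hardened variant: NULL out-pointer is accepted, narrowing is range-checked. */
int feedseek_checked(fake_handle *mh, int sampleoff, int whence, int *input_offset)
{
    off64 largeioff = 0;
    int result = feedseek_64_stub(mh, sampleoff, whence, &largeioff);
    if (result < 0)
        return result;
    if (largeioff < INT_MIN || largeioff > INT_MAX)
        return -1;                        /* offset does not fit the int out type */
    if (input_offset != NULL)
        *input_offset = (int)largeioff;
    return result;
}
```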