From b10403693c51594b890e7f9eb0a1e6367c76d478 Mon Sep 17 00:00:00 2001
From: Artur Rojek
Date: Fri, 10 Feb 2023 15:38:17 +0100
Subject: [PATCH] Fix NULL pointer dereference in S3CalculateRandomizedFields (#284)

If the sound has been muted (!gS3_enabled) during game data loading, it is then possible to unmute it during gameplay and request a sound effect which doesn't have a sample loaded (most prominent for pratcam sfx). While logic in `S3StartSound` accommodates for such a case by loading the missing sample, it first calls `S3CalculateRandomizedFields`, which triggers a NULL pointer dereference on platforms with memory protection. This bug is most likely an overlook from the DOS era. Fix this by checking for NULL pointer before use.
Signed-off-by: Artur Rojek
---
src/S3/CMakeLists.txt | 3 +++
src/S3/audio.c | 7 +++++++
2 files changed, 10 insertions(+)
diff --git a/src/S3/CMakeLists.txt b/src/S3/CMakeLists.txt
index e3c1c2b8f..b7a6e2fde 100644
--- a/src/S3/CMakeLists.txt
+++ b/src/S3/CMakeLists.txt
@@ -18,6 +18,9 @@ else()
 /wd4996 )
 endif()
+if(DETHRACE_FIX_BUGS)
+ target_compile_definitions(s3 PRIVATE DETHRACE_FIX_BUGS)
+endif()
 if(IS_BIGENDIAN)
 target_compile_definitions(s3 PRIVATE BR_ENDIAN_BIG=1)
diff --git a/src/S3/audio.c b/src/S3/audio.c
index da06d6fa8..4e5a77047 100644
--- a/src/S3/audio.c
+++ b/src/S3/audio.c
@@ -962,6 +962,13 @@ void S3CalculateRandomizedFields(tS3_channel* chan, tS3_descriptor* desc) {
 chan->left_volume = vol;
 chan->right_volume = vol;
 if (desc->type == eS3_ST_sample) {
+#if defined(DETHRACE_FIX_BUGS)
+ /* Avoid a possible NULL pointer dereference. */
+ if ((tS3_sample *)desc->sound_data == NULL) {
+ chan->rate = desc->min_pitch;
+ return;
+ }
+#endif
 chan->rate = S3IRandomBetweenLog(desc->min_pitch, desc->max_pitch, ((tS3_sample*)desc->sound_data)->rate);
 }
 }
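Review bot: The NULL guard added to S3CalculateRandomizedFields in src/S3/audio.c is compiled only under `#if defined(DETHRACE_FIX_BUGS)`, so a build without that definition still evaluates `((tS3_sample*)desc->sound_data)->rate` with no sample loaded; if keeping the original behaviour in such builds is deliberate, the comment should say so instead of only naming the dereference. I would word it as `/* sound_data is NULL when the sample was never loaded (sound muted during loading); the caller loads it afterwards, so fall back to min_pitch. */`, and confirm that the rate does not need to be recomputed once the sample is loaded, which this hunk does not show. The cast in the test adds nothing and its spacing differs from the cast on the line below: `if (desc->sound_data == NULL) {`. The start of the function body is outside the hunk.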