Some combinations of timidity-patch-sets and MIDI-files lead to ungraceful termination of all programs using the libtimidity-library. The cause seems to be the use of a signed integer in a sample-size calculation and the overflow of that int. Allocation of sample-memory is not checked, causing a segmentation fault. The attached patch fixes the problem by using an unsigned int instead. The patch has also been submitted to the library's project page at SourceForge, but the library has not been developed for four years...

Reproducible: Always

Steps to Reproduce:
1. Use an x86 machine (64bit signed int is large enough); select media-sound/timidity-eawpatches-12-r5 as patchset;
2. Play back a MIDI-file (sorry, can't post, copyright...) that triggers the calculation.

Actual Results: Application segfaults.

Expected Results: Application plays the MIDI-file.
Created attachment 144520 [details, diff] use unsigned int for size-calculation
Thanks
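
The failure mode described in the report, as an added example that is not code from libtimidity or from the attached patch: a hypothetical size calculation (frames times bytes per frame; every name and value is constructed) whose signed 32-bit result goes negative while the unsigned result holds it. It goes one step beyond the report's fix by also rejecting products that exceed 32 bits and by returning NULL instead of an unchecked pointer.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model, not libtimidity code: size = frames * bytes_per_frame.
 * All names and values here are constructed for illustration. */

/* Signed 32-bit result. The product is formed in 64 bits and then folded to
 * two's complement by hand, so the wrap is shown without undefined behaviour. */
int32_t size_signed(uint32_t frames, uint32_t bytes_per_frame)
{
    uint32_t low = (uint32_t)((uint64_t)frames * bytes_per_frame);
    if (low > (uint32_t)INT32_MAX)
        return (int32_t)((int64_t)low - 4294967296LL);
    return (int32_t)low;
}

/* Unsigned 32-bit result with an explicit range check.
 * Returns 0 and stores the size, or -1 if the product needs more than 32 bits. */
int size_unsigned(uint32_t frames, uint32_t bytes_per_frame, uint32_t *out)
{
    uint64_t wide = (uint64_t)frames * bytes_per_frame;
    if (wide > UINT32_MAX)
        return -1;
    *out = (uint32_t)wide;
    return 0;
}

/* Checked allocation: NULL on overflow, zero size, or malloc failure. */
void *alloc_samples(uint32_t frames, uint32_t bytes_per_frame)
{
    uint32_t n;
    if (size_unsigned(frames, bytes_per_frame, &n) != 0 || n == 0)
        return NULL;
    return malloc(n); /* caller must still test the result for NULL */
}

int main(void)
{
    uint32_t n = 0;
    /* 0x60000000 frames of 2 bytes = 3 GiB: above INT32_MAX, below UINT32_MAX */
    int rc = size_unsigned(0x60000000u, 2, &n);
    printf("signed:   %ld\n", (long)size_signed(0x60000000u, 2));
    printf("unsigned: rc=%d size=%lu\n", rc, (unsigned long)n);
    printf("too big:  rc=%d\n", size_unsigned(0xC0000000u, 2, &n));
    return 0;
}
```
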