From 6de55e416b337dd7eee3df85d967a31a12169186 Mon Sep 17 00:00:00 2001 From: Pokechu22 Date: Sat, 11 Jun 2022 11:40:38 -0700 Subject: [PATCH] WaveFile: Fix size check `count` is the number of stereo samples to write (where each stereo sample is two shorts), while `BUFFER_SIZE` is the size of the buffer in shorts. So `count` needs to be multiplied by `2`, not `BUFFER_SIZE`. Also, when this check was failed, the previous code just clobbered whatever was past the end of the buffer after logging the warning, which corrupted `basename`, eventually resulting in Dolphin crashing. This affected Datel's Wii-compatible Action Replay, which uses a block size of 2298, or 18384 stereo samples, which is 36768 shorts, which is bigger than the buffer size of 32768. (However, the previous commit means that only one block is transfered at a time, eliminating this issue; fixing the bounds check is just a general safety thing instead of an actual bugfix now.) --- Source/Core/AudioCommon/WaveFile.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Source/Core/AudioCommon/WaveFile.cpp b/Source/Core/AudioCommon/WaveFile.cpp index dc689e74dd..2e67d86519 100644 --- a/Source/Core/AudioCommon/WaveFile.cpp +++ b/Source/Core/AudioCommon/WaveFile.cpp @@ -119,10 +119,16 @@ void WaveFileWriter::AddStereoSamplesBE(const short* sample_data, u32 count, u32 sample_rate_divisor, int l_volume, int r_volume) { if (!file) + { ERROR_LOG_FMT(AUDIO, "WaveFileWriter - file not open."); + return; + } - if (count > BUFFER_SIZE * 2) + if (count * 2 > BUFFER_SIZE) + { ERROR_LOG_FMT(AUDIO, "WaveFileWriter - buffer too small (count = {}).", count); + return; + } if (skip_silence) {