AudioSynthToneSweep had a buffer overflow caused by incorrect handling of the bp pointer when filling the remainder of the buffer with 0s. It only overflowed by one entry, but this was sometimes causing a crash when ending a tone sweep. Here's how it worked:
    bp = block->data;
    ...
    for(i = 0;i < AUDIO_BLOCK_SAMPLES;i++) {
        // let's say it's the last time through this loop, so i == AUDIO_BLOCK_SAMPLES - 1
        *bp++ = ...; // this line increments bp after writing to *bp.
        ...
        if (...) {
            // now, this if block executes
            break;
        }
    }
    // because of the break statement, i is still AUDIO_BLOCK_SAMPLES - 1 here
    while(i < AUDIO_BLOCK_SAMPLES) {
        // uh oh, bp has already been incremented past the end of the buffer
        *bp++ = 0;
        i++;
    }
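
The off-by-one described above, modelled as an added example (not code from the library or from this change). The block is followed by one guard slot so the stray write is observable; `stop_at` is a hypothetical stand-in for the elided `if (...)` condition, and the block size of 128 and the pointer-bounded zero fill in `fill_fixed` are assumptions, since the actual fix is not shown here.

```c
#include <stdint.h>
#include <stdio.h>
#define AUDIO_BLOCK_SAMPLES 128          /* assumed block size */
#define CANARY ((int16_t)0x5A5A)         /* constructed guard value */

/* Models the loop from the description. stop_at is a hypothetical stand-in
   for the elided `if (...)`; pass -1 for a block where the sweep keeps going.
   Returns how many entries were written through bp. */
static int fill_buggy(int16_t *buf, int stop_at) {
    int16_t *bp = buf;
    int i;
    for (i = 0; i < AUDIO_BLOCK_SAMPLES; i++) {
        *bp++ = 1000;                    /* placeholder sample value */
        if (i == stop_at) break;         /* bp has advanced, i has not */
    }
    while (i < AUDIO_BLOCK_SAMPLES) {    /* i lags bp by one after a break */
        *bp++ = 0;
        i++;
    }
    return (int)(bp - buf);
}

/* One possible repair (assumption): bound the zero fill by the pointer that
   is actually being written, not by the loop counter. */
static int fill_fixed(int16_t *buf, int stop_at) {
    int16_t *bp = buf;
    int16_t *const end = buf + AUDIO_BLOCK_SAMPLES;
    for (int i = 0; i < AUDIO_BLOCK_SAMPLES; i++) {
        *bp++ = 1000;
        if (i == stop_at) break;
    }
    while (bp < end) *bp++ = 0;
    return (int)(bp - buf);
}

/* Runs a fill on a block followed by one guard slot, so the extra write
   lands in memory we own. Returns 1 if the guard survived, 0 if clobbered. */
static int guard_intact(int (*fill)(int16_t *, int), int stop_at) {
    int16_t buf[AUDIO_BLOCK_SAMPLES + 1];
    buf[AUDIO_BLOCK_SAMPLES] = CANARY;
    fill(buf, stop_at);
    return buf[AUDIO_BLOCK_SAMPLES] == CANARY;
}

int main(void) {
    /* AUDIO_BLOCK_SAMPLES - 1 is the case walked through above */
    printf("buggy: guard intact = %d\n", guard_intact(fill_buggy, AUDIO_BLOCK_SAMPLES - 1));
    printf("fixed: guard intact = %d\n", guard_intact(fill_fixed, AUDIO_BLOCK_SAMPLES - 1));
    return 0;
}
```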