Channel Convert Init Access Violation going from 2 channels to >2 channels

[marler8997]

Initializing a channel converter (also applies to a general data converter) with 2 input channels and more than 2 output channels results in a NULL dereference. I've provided a sample program to reproduce below. The issue occurs in ma_channel_converter_init_preallocated inside the ma_channel_mix_mode_rectangular mixing mode switch case. The expression pConverter->pChannelMapIn is NULL but the initializer attempts to index it with an input channel index.

#include <stdio.h>

#define MINIAUDIO_IMPLEMENTATION
#include "miniaudio.h"

int main(int argc, char *argv)
{
    ma_channel_converter_config config = ma_channel_converter_config_init(
        ma_format_f32,
        2, // switching to 1 avoids the crash
        NULL,
        4, // anything >= 3 crashes, 1 and 2 don't crash
        NULL,
        ma_channel_mix_mode_default // ma_channel_mix_mode_simple avoids the crash
    );
    ma_channel_converter converter;
    fprintf(stderr, "calling init...\n");
    fflush(stderr);
    // crash will occur inside this function call
    auto result = ma_channel_converter_init(&config, NULL, &converter);
    fprintf(stderr, "init returned %d\n", result);
    fflush(stderr);
    return 0;
}

[mackron]

Thanks for the report and the repro. I've finally got around to checking this, but unfortunately I've been unable to replicate it on both the dev branch and the master branch. I tried with both MSVC and Clang and neither are crashing. What version of miniaudio are you using? If not the latest, are you able to try the master or dev branch?

[marler8997]

Ah yes looks like it's passing on master now. I've bisected the fix to this commit: f6e5cf10ae10494cf7215a2b2262092e8247dd7f

Closing