| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0199-Fixed-use-after-free-in-music_fluidsynth.c.patch | [PATCH 199/199] Fixed use-after-free in music_fluidsynth.c Tom M. There is a dangerous use-after-free in FLUIDSYNTH_Delete(): the settings object is deleted **before** the synth. Since the settings have been created first to initialize the synth, you must first delete the synth and then delete the settings. This currently crashes all applications that use fluidsynth 2.1.6 and SDL2_mixer. Please apply the attached patch and release a bug fix release. Originally reported at https://github.com/FluidSynth/fluidsynth/issues/748 |
Sam Lantinga <slouken@libsdl.org> | no | 2021-01-20 |