Package: timidity Version: 2.14.0-8 I have been working on updating Fedora's timidity packages to the 2.15.0 release (which is actually quite old) and checking Debian's patches as part of this.
Patch 0004-Fix-off-by-one-crash-error-in-panning-reverb.patch which fixes: https://bugs.debian.org/440543 Stood out to me. I can reproduce the bug with 2.14.0 and th3_06.mid, but with 2.15.0 it is fixed, even though the code this patch fixes is still the same. I believe that this patch actually is wrong and is not fixing an off-by-one but introducing one (which happens to paper over whatever the real bug was). The patch changes the code from first increment the index (pre-increment) and then check to see if we should wrap around, to a post-decrement which means the == check will be done first and only then will the increment happen. So AFAICT this actually introduces an off-by-one. Regards, Hans
