51 lines
2.0 KiB
Plaintext
51 lines
2.0 KiB
Plaintext
$OpenBSD: patch-src_load_s3m_cpp,v 1.3 2011/08/18 17:56:48 jasper Exp $
|
|
|
|
Fix S3M stack overflows SA45131/B
|
|
From upstream git: f4e5295658fff000379caa122e75c9200205fe20
|
|
|
|
Fixed a potential memory overread in CSoundFile::ReadS3M()
|
|
From upstream git: 537e9fd5b95cf6c448e9bd2ea2973e8b139bce00
|
|
|
|
--- src/load_s3m.cpp.orig Fri Mar 25 23:17:18 2011
|
|
+++ src/load_s3m.cpp Thu Aug 18 19:47:06 2011
|
|
@@ -187,11 +187,11 @@ BOOL CSoundFile::ReadS3M(const BYTE *lpStream, DWORD d
|
|
//---------------------------------------------------------------
|
|
{
|
|
UINT insnum,patnum,nins,npat;
|
|
- DWORD insfile[128];
|
|
+ DWORD insfile[MAX_SAMPLES];
|
|
WORD ptr[256];
|
|
BYTE s[1024];
|
|
DWORD dwMemPos;
|
|
- BYTE insflags[128], inspack[128];
|
|
+ BYTE insflags[MAX_SAMPLES], inspack[MAX_SAMPLES];
|
|
S3MFILEHEADER psfh = *(S3MFILEHEADER *)lpStream;
|
|
|
|
psfh.reserved1 = bswapLE16(psfh.reserved1);
|
|
@@ -315,7 +315,14 @@ BOOL CSoundFile::ReadS3M(const BYTE *lpStream, DWORD d
|
|
Ins[iSmp].nC4Speed = j;
|
|
insfile[iSmp] = ((DWORD)bswapLE16(*((LPWORD)(s+0x0E)))) << 4;
|
|
insfile[iSmp] += ((DWORD)(BYTE)s[0x0D]) << 20;
|
|
- if (insfile[iSmp] > dwMemLength) insfile[iSmp] &= 0xFFFF;
|
|
+ // offset is invalid - ignore this sample.
|
|
+ if (insfile[iSmp] > dwMemLength) insfile[iSmp] = 0;
|
|
+ else if (insfile[iSmp]) {
|
|
+ // ignore duplicate samples.
|
|
+ for (int z=iSmp-1; z>=0; z--)
|
|
+ if (insfile[iSmp] == insfile[z])
|
|
+ insfile[iSmp] = 0;
|
|
+ }
|
|
if ((Ins[iSmp].nLoopStart >= Ins[iSmp].nLoopEnd) || (Ins[iSmp].nLoopEnd - Ins[iSmp].nLoopStart < 8))
|
|
Ins[iSmp].nLoopStart = Ins[iSmp].nLoopEnd = 0;
|
|
Ins[iSmp].nPan = 0x80;
|
|
@@ -393,7 +400,8 @@ BOOL CSoundFile::ReadS3M(const BYTE *lpStream, DWORD d
|
|
if (insflags[iRaw-1] & 2) flags |= RSF_STEREO;
|
|
if (inspack[iRaw-1] == 4) flags = RS_ADPCM4;
|
|
dwMemPos = insfile[iRaw];
|
|
- dwMemPos += ReadSample(&Ins[iRaw], flags, (LPSTR)(lpStream + dwMemPos), dwMemLength - dwMemPos);
|
|
+ if (dwMemPos < dwMemLength)
|
|
+ dwMemPos += ReadSample(&Ins[iRaw], flags, (LPSTR)(lpStream + dwMemPos), dwMemLength - dwMemPos);
|
|
}
|
|
m_nMinPeriod = 64;
|
|
m_nMaxPeriod = 32767;
|