openbsd-ports/audio/libmodplug/patches/patch-src_load_ams_cpp
jasper 4050b0b53e Security fixes for CVE-2011-291{1,2,3,4,5}
Various integer overflows and off-by-one errors in libmodplug.
2011-08-18 17:56:47 +00:00


$OpenBSD: patch-src_load_ams_cpp,v 1.1 2011/08/18 17:56:47 jasper Exp $
AMSv2 off by one problem (related to SA45131/C)
From upstream git: 16d7a78efe14d345a6c5b241f88422ad0ee483ea
Fix AMS and DSM too large by one - SA45131/C
From upstream git: 26243ab9fe1171f70053e9aec4b20e9f7de9e4ef
--- src/load_ams.cpp.orig Thu Aug 18 19:49:58 2011
+++ src/load_ams.cpp Thu Aug 18 19:52:09 2011
@@ -52,7 +52,7 @@ BOOL CSoundFile::ReadAMS(LPCBYTE lpStream, DWORD dwMem
if ((!lpStream) || (dwMemLength < 1024)) return FALSE;
if ((pfh->verhi != 0x01) || (strncmp(pfh->szHeader, "Extreme", 7))
- || (!pfh->patterns) || (!pfh->orders) || (!pfh->samples) || (pfh->samples > MAX_SAMPLES)
+ || (!pfh->patterns) || (!pfh->orders) || (!pfh->samples) || (pfh->samples >= MAX_SAMPLES)
|| (pfh->patterns > MAX_PATTERNS) || (pfh->orders > MAX_ORDERS))
{
return ReadAMS2(lpStream, dwMemLength);
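Review bot: Only the samples comparison becomes exclusive in this condition; `pfh->patterns > MAX_PATTERNS` and `pfh->orders > MAX_ORDERS` on the following line still accept a count equal to the limit. If that is intentional (presumably sample slots are 1-based while patterns and orders are 0-based), a short comment above the condition would record it, e.g. `// samples are indexed 1..N, so N == MAX_SAMPLES is already out of range; patterns/orders are 0-based`. If it is not intentional, those two comparisons need the same `>=`. The array declarations and the start of ReadAMS are outside the hunk, so this should be confirmed against them.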
@@ -321,7 +321,7 @@ BOOL CSoundFile::ReadAMS2(LPCBYTE lpStream, DWORD dwMe
dwMemPos = pfh->titlelen + 8;
psh = (AMS2SONGHEADER *)(lpStream + dwMemPos);
if (((psh->version & 0xFF00) != 0x0200) || (!psh->instruments)
- || (psh->instruments > MAX_INSTRUMENTS) || (!psh->patterns) || (!psh->orders)) return FALSE;
+ || (psh->instruments >= MAX_INSTRUMENTS) || (!psh->patterns) || (!psh->orders)) return FALSE;
dwMemPos += sizeof(AMS2SONGHEADER);
if (pfh->titlelen)
{
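Review bot: `psh->patterns` and `psh->orders` are rejected only when zero in this condition and have no upper bound, unlike the check in ReadAMS, which compares both with MAX_PATTERNS and MAX_ORDERS. Unless code later in ReadAMS2 (outside this hunk) clamps them, adding `|| (psh->patterns > MAX_PATTERNS) || (psh->orders > MAX_ORDERS)` to the same condition would keep the two loaders consistent. Separately, `psh` is derived from `pfh->titlelen + 8` and dereferenced on the next line. No comparison of `dwMemPos + sizeof(AMS2SONGHEADER)` with `dwMemLength` is visible in the hunk, so it is worth confirming that an earlier check in the function covers it.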