Menu
▾
▴
[OMPT-svn-commit] SF.net SVN: modplug:[960] trunk/OpenMPT/soundlib
|
From: <sag...@us...> - 2011-08-07 21:20:53
|
Revision: 960
http://modplug.svn.sourceforge.net/modplug/?rev=960&view=rev
Author: saga-games
Date: 2011-08-07 21:20:46 +0000 (Sun, 07 Aug 2011)
Log Message:
-----------
[Fix] Fixed vulnerability in WAV, AMS and DSM loaders (http://secunia.com/advisories/45131/).
Modified Paths:
--------------
trunk/OpenMPT/soundlib/LOAD_DSM.CPP
trunk/OpenMPT/soundlib/Load_ams.cpp
trunk/OpenMPT/soundlib/Load_wav.cpp
Modified: trunk/OpenMPT/soundlib/LOAD_DSM.CPP
===================================================================
--- trunk/OpenMPT/soundlib/LOAD_DSM.CPP 2011-08-05 15:48:20 UTC (rev 959)
+++ trunk/OpenMPT/soundlib/LOAD_DSM.CPP 2011-08-07 21:20:46 UTC (rev 960)
@@ -105,7 +105,7 @@
if (m_nChannels < 1) m_nChannels = 1;
if (m_nChannels > 16) m_nChannels = 16;
m_nSamples = psong->numsmp;
- if (m_nSamples > MAX_SAMPLES) m_nSamples = MAX_SAMPLES;
+ if (m_nSamples >= MAX_SAMPLES) m_nSamples = MAX_SAMPLES - 1;
m_nDefaultSpeed = psong->speed;
m_nDefaultTempo = psong->bpm;
m_nDefaultGlobalVolume = psong->globalvol << 2;
Modified: trunk/OpenMPT/soundlib/Load_ams.cpp
===================================================================
--- trunk/OpenMPT/soundlib/Load_ams.cpp 2011-08-05 15:48:20 UTC (rev 959)
+++ trunk/OpenMPT/soundlib/Load_ams.cpp 2011-08-07 21:20:46 UTC (rev 960)
@@ -82,7 +82,7 @@
if ((!lpStream) || (dwMemLength < 126)) return false;
if ((pfh->verhi != 0x01) || (strncmp(pfh->szHeader, "Extreme", 7))
- || (!pfh->patterns) || (!pfh->orders) || (!pfh->samples) || (pfh->samples > MAX_SAMPLES)
+ || (!pfh->patterns) || (!pfh->orders) || (!pfh->samples) || (pfh->samples >= MAX_SAMPLES)
|| (pfh->patterns > MAX_PATTERNS) || (pfh->orders > MAX_ORDERS))
{
return ReadAMS2(lpStream, dwMemLength);
@@ -366,7 +366,7 @@
dwMemPos = pfh->titlelen + 8;
psh = (AMS2SONGHEADER *)(lpStream + dwMemPos);
if (((psh->version & 0xFF00) != 0x0200) || (!psh->instruments)
- || (psh->instruments > MAX_INSTRUMENTS) || (!psh->patterns) || (!psh->orders)) return false;
+ || (psh->instruments >= MAX_INSTRUMENTS) || (!psh->patterns) || (!psh->orders)) return false;
dwMemPos += sizeof(AMS2SONGHEADER);
if (pfh->titlelen)
{
Modified: trunk/OpenMPT/soundlib/Load_wav.cpp
===================================================================
--- trunk/OpenMPT/soundlib/Load_wav.cpp 2011-08-05 15:48:20 UTC (rev 959)
+++ trunk/OpenMPT/soundlib/Load_wav.cpp 2011-08-07 21:20:46 UTC (rev 960)
@@ -58,7 +58,7 @@
if(fail) return true;
UINT samplesize = (pfmt->channels * pfmt->bitspersample) >> 3;
UINT len = pdata->length, bytelen;
- if (dwMemPos + len > dwMemLength - 8) len = dwMemLength - dwMemPos - 8;
+ if (len > dwMemLength - 8 - dwMemPos) len = dwMemLength - dwMemPos - 8;
len /= samplesize;
bytelen = len;
if (pfmt->bitspersample >= 16) bytelen *= 2;
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
