Thread: [OMPT-svn-commit] OpenMPT r20614 - trunk/OpenMPT/soundlib

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Author: sagamusix
Date: Wed Apr 17 20:16:32 2024
New Revision: 20614
URL: https://source.openmpt.org/browse/openmpt/?op=revision&rev=20614

Log:
[Imp] MO3: It's possible to establish a clear upper bound on the size of pattern track data. Reject any track that is too big in size.

Modified:
   trunk/OpenMPT/soundlib/Load_mo3.cpp

Modified: trunk/OpenMPT/soundlib/Load_mo3.cpp
==============================================================================

--- trunk/OpenMPT/soundlib/Load_mo3.cpp	Wed Apr 17 19:00:21 2024	(r20613)
+++ trunk/OpenMPT/soundlib/Load_mo3.cpp	Wed Apr 17 20:16:32 2024	(r20614)
@@ -989,6 +989,10 @@
 	for(auto &track : tracks)
 	{
 		uint32 len = musicChunk.ReadUint32LE();
+		// A pattern can be at most 65535 rows long, one row can contain at most 15 events (with the status bytes, that 31 bytes per row).
+		// Leaving some margin for error, that gives us an upper limit of 2MB per track.
+		if(len >= 0x20'0000)
+			return false;
 		track = musicChunk.ReadChunk(len);
 	}
 




Thread: [OMPT-svn-commit] OpenMPT r20614 - trunk/OpenMPT/soundlib

A music tracker software for Windows.

modplug-svn-commit