Author: sagamusix
Date: Sun Apr 21 21:11:24 2024
New Revision: 20641
URL: https://source.openmpt.org/browse/openmpt/?op=revision&rev=20641
Log:
[Mod] MO3: Further reduce maximum allowed music data (not samples) size from 2GB to 512MB.
Modified:
trunk/OpenMPT/soundlib/Load_mo3.cpp
Modified: trunk/OpenMPT/soundlib/Load_mo3.cpp
==============================================================================
--- trunk/OpenMPT/soundlib/Load_mo3.cpp Sun Apr 21 20:21:05 2024 (r20640)
+++ trunk/OpenMPT/soundlib/Load_mo3.cpp Sun Apr 21 21:11:24 2024 (r20641)
@@ -805,7 +805,9 @@
{
return false;
}
- if(containerHeader.musicSize <= sizeof(MO3FileHeader) || containerHeader.musicSize >= uint32_max / 2u)
+ // Due to the LZ algorithm's unbounded back window, we could reach gigantic sizes with just a few dozen bytes.
+ // 512 MB of music data (not samples) is chosen as a safeguard that is probably (hopefully) *way* beyond anything a real-world module will ever reach.
+ if(containerHeader.musicSize <= sizeof(MO3FileHeader) || containerHeader.musicSize >= 0x2000'0000)
{
return false;
}
|
