Author: sagamusix
Date: Sun Apr 21 21:20:10 2024
New Revision: 20644
URL: https://source.openmpt.org/browse/openmpt/?op=revision&rev=20644
Log:
Merged revision(s) 20641 from trunk/OpenMPT:
[Mod] MO3: Further reduce maximum allowed music data (not samples) size from 2GB to 512MB.
........
Modified:
branches/OpenMPT-1.29/ (props changed)
branches/OpenMPT-1.29/soundlib/Load_mo3.cpp
Modified: branches/OpenMPT-1.29/soundlib/Load_mo3.cpp
==============================================================================
--- branches/OpenMPT-1.29/soundlib/Load_mo3.cpp Sun Apr 21 21:19:51 2024 (r20643)
+++ branches/OpenMPT-1.29/soundlib/Load_mo3.cpp Sun Apr 21 21:20:10 2024 (r20644)
@@ -737,7 +737,9 @@
{
return false;
}
- if(containerHeader.musicSize <= sizeof(MO3FileHeader) || containerHeader.musicSize >= uint32_max / 2u)
+ // Due to the LZ algorithm's unbounded back window, we could reach gigantic sizes with just a few dozen bytes.
+ // 512 MB of music data (not samples) is chosen as a safeguard that is probably (hopefully) *way* beyond anything a real-world module will ever reach.
+ if(containerHeader.musicSize <= sizeof(MO3FileHeader) || containerHeader.musicSize >= 0x2000'0000)
{
return false;
}
|
