Репозитории ALT
| S: | 3.3.11.1-alt2 |
| 5.1: | 3.1.11-alt0.8 |
| 4.1: | 3.1.11-alt0.4 |
| 4.0: | 3.1.11-alt0.2 |
| 3.0: | 3.1.10-alt3 |
Группа :: Система/Библиотеки
Пакет: libmikmod
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: libmikmod-3.1.12-CVE-2007-6720.patch
Скачать
Скачать
This patch fixes "buffer overflow due to md_numchn - ID: 1630158"
--- playercode/mplayer.c
+++ playercode/mplayer.c
@@ -52,6 +52,8 @@ extern long int random(void);
will wait */
/*static*/ MODULE *pf = NULL;
+#define NUMVOICES(mod) (md_sngchn < (mod)->numvoices ? md_sngchn : (mod)->numvoices)
+
#define HIGH_OCTAVE 2 /* number of above-range octaves */
static UWORD oldperiods[OCTAVE*2]={@@ -248,14 +250,14 @@ static int MP_FindEmptyChannel(MODULE *m
MP_VOICE *a;
ULONG t,k,tvol,pp;
- for (t=0;t<md_sngchn;t++)
+ for (t=0;t<NUMVOICES(mod);t++)
if (((mod->voice[t].main.kick==KICK_ABSENT)||
(mod->voice[t].main.kick==KICK_ENV))&&
Voice_Stopped_internal(t))
return t;
tvol=0xffffffUL;t=-1;a=mod->voice;
- for (k=0;k<md_sngchn;k++,a++) {+ for (k=0;k<NUMVOICES(mod);k++,a++) {/* allow us to take over a nonexisting sample */
if (!a->main.s)
return k;
@@ -2249,12 +2251,12 @@ static void DoNNAEffects(MODULE *mod, MP
switch (dat) {case 0x0: /* past note cut */
- for (t=0;t<md_sngchn;t++)
+ for (t=0;t<NUMVOICES(mod);t++)
if (mod->voice[t].master==a)
mod->voice[t].main.fadevol=0;
break;
case 0x1: /* past note off */
- for (t=0;t<md_sngchn;t++)
+ for (t=0;t<NUMVOICES(mod);t++)
if (mod->voice[t].master==a) {mod->voice[t].main.keyoff|=KEY_OFF;
if ((!(mod->voice[t].venv.flg & EF_ON))||
@@ -2263,7 +2265,7 @@ static void DoNNAEffects(MODULE *mod, MP
}
break;
case 0x2: /* past note fade */
- for (t=0;t<md_sngchn;t++)
+ for (t=0;t<NUMVOICES(mod);t++)
if (mod->voice[t].master==a)
mod->voice[t].main.keyoff|=KEY_FADE;
break;
@@ -2318,7 +2320,7 @@ void pt_UpdateVoices(MODULE *mod, int ma
SAMPLE *s;
mod->totalchn=mod->realchn=0;
- for (channel=0;channel<md_sngchn;channel++) {+ for (channel=0;channel<NUMVOICES(mod);channel++) {aout=&mod->voice[channel];
i=aout->main.i;
s=aout->main.s;
@@ -2736,7 +2738,7 @@ void pt_NNA(MODULE *mod)
if (a->dct!=DCT_OFF) {int t;
- for (t=0;t<md_sngchn;t++)
+ for (t=0;t<NUMVOICES(mod);t++)
if ((!Voice_Stopped_internal(t))&&
(mod->voice[t].masterchn==channel)&&
(a->main.sample==mod->voice[t].main.sample)) {@@ -2978,6 +2980,11 @@ BOOL Player_Init(MODULE* mod)
if (!(mod->voice=(MP_VOICE*)_mm_calloc(md_sngchn,sizeof(MP_VOICE))))
return 1;
+ /* mod->numvoices was used during loading to clamp md_sngchn.
+ After loading it's used to remember how big mod->voice is.
+ */
+ mod->numvoices = md_sngchn;
+
Player_Init_internal(mod);
return 0;
}
@@ -3086,7 +3093,7 @@ MIKMODAPI void Player_NextPosition(void)
pf->patbrk=0;
pf->vbtick=pf->sngspd;
- for (t=0;t<md_sngchn;t++) {+ for (t=0;t<NUMVOICES(pf);t++) {Voice_Stop_internal(t);
pf->voice[t].main.i=NULL;
pf->voice[t].main.s=NULL;
@@ -3111,7 +3118,7 @@ MIKMODAPI void Player_PrevPosition(void)
pf->patbrk=0;
pf->vbtick=pf->sngspd;
- for (t=0;t<md_sngchn;t++) {+ for (t=0;t<NUMVOICES(pf);t++) {Voice_Stop_internal(t);
pf->voice[t].main.i=NULL;
pf->voice[t].main.s=NULL;
@@ -3138,7 +3145,7 @@ MIKMODAPI void Player_SetPosition(UWORD
pf->sngpos=pos;
pf->vbtick=pf->sngspd;
- for (t=0;t<md_sngchn;t++) {+ for (t=0;t<NUMVOICES(pf);t++) {Voice_Stop_internal(t);
pf->voice[t].main.i=NULL;
pf->voice[t].main.s=NULL;