diff options
Diffstat (limited to 'abs/extra/libmikmod/libmikmod-3.1.12-md_sngchn-fix.diff')
| -rw-r--r-- | abs/extra/libmikmod/libmikmod-3.1.12-md_sngchn-fix.diff | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/abs/extra/libmikmod/libmikmod-3.1.12-md_sngchn-fix.diff b/abs/extra/libmikmod/libmikmod-3.1.12-md_sngchn-fix.diff new file mode 100644 index 0000000..45cc355 --- /dev/null +++ b/abs/extra/libmikmod/libmikmod-3.1.12-md_sngchn-fix.diff @@ -0,0 +1,112 @@ +This patch fixes "buffer overflow due to md_numchn - ID: 1630158" + +diff -ru libmikmod-3.1.12.orig/playercode/mplayer.c libmikmod-3.1.12/playercode/mplayer.c +--- libmikmod-3.1.12.orig/playercode/mplayer.c 2007-12-15 01:26:28.000000000 -0800 ++++ libmikmod-3.1.12/playercode/mplayer.c 2009-10-04 23:48:36.000000000 -0700 +@@ -52,6 +52,8 @@ + will wait */ + /*static*/ MODULE *pf = NULL; + ++#define NUMVOICES(mod) (md_sngchn < (mod)->numvoices ? md_sngchn : (mod)->numvoices) ++ + #define HIGH_OCTAVE 2 /* number of above-range octaves */ + + static UWORD oldperiods[OCTAVE*2]={ +@@ -248,14 +250,14 @@ + MP_VOICE *a; + ULONG t,k,tvol,pp; + +- for (t=0;t<md_sngchn;t++) ++ for (t=0;t<NUMVOICES(mod);t++) + if (((mod->voice[t].main.kick==KICK_ABSENT)|| + (mod->voice[t].main.kick==KICK_ENV))&& + Voice_Stopped_internal(t)) + return t; + + tvol=0xffffffUL;t=-1;a=mod->voice; +- for (k=0;k<md_sngchn;k++,a++) { ++ for (k=0;k<NUMVOICES(mod);k++,a++) { + /* allow us to take over a nonexisting sample */ + if (!a->main.s) + return k; +@@ -2249,12 +2251,12 @@ + + switch (dat) { + case 0x0: /* past note cut */ +- for (t=0;t<md_sngchn;t++) ++ for (t=0;t<NUMVOICES(mod);t++) + if (mod->voice[t].master==a) + mod->voice[t].main.fadevol=0; + break; + case 0x1: /* past note off */ +- for (t=0;t<md_sngchn;t++) ++ for (t=0;t<NUMVOICES(mod);t++) + if (mod->voice[t].master==a) { + mod->voice[t].main.keyoff|=KEY_OFF; + if ((!(mod->voice[t].venv.flg & EF_ON))|| +@@ -2263,7 +2265,7 @@ + } + break; + case 0x2: /* past note fade */ +- for (t=0;t<md_sngchn;t++) ++ for (t=0;t<NUMVOICES(mod);t++) + if (mod->voice[t].master==a) + mod->voice[t].main.keyoff|=KEY_FADE; + break; +@@ -2318,7 +2320,7 @@ + SAMPLE *s; + + mod->totalchn=mod->realchn=0; +- for (channel=0;channel<md_sngchn;channel++) { ++ for (channel=0;channel<NUMVOICES(mod);channel++) { + aout=&mod->voice[channel]; + i=aout->main.i; + s=aout->main.s; +@@ -2736,7 +2738,7 @@ + if (a->dct!=DCT_OFF) { + int t; + +- for (t=0;t<md_sngchn;t++) ++ for (t=0;t<NUMVOICES(mod);t++) + if ((!Voice_Stopped_internal(t))&& + (mod->voice[t].masterchn==channel)&& + (a->main.sample==mod->voice[t].main.sample)) { +@@ -2978,6 +2980,11 @@ + if (!(mod->voice=(MP_VOICE*)_mm_calloc(md_sngchn,sizeof(MP_VOICE)))) + return 1; + ++ /* mod->numvoices was used during loading to clamp md_sngchn. ++ After loading it's used to remember how big mod->voice is. ++ */ ++ mod->numvoices = md_sngchn; ++ + Player_Init_internal(mod); + return 0; + } +@@ -3086,7 +3093,7 @@ + pf->patbrk=0; + pf->vbtick=pf->sngspd; + +- for (t=0;t<md_sngchn;t++) { ++ for (t=0;t<NUMVOICES(pf);t++) { + Voice_Stop_internal(t); + pf->voice[t].main.i=NULL; + pf->voice[t].main.s=NULL; +@@ -3111,7 +3118,7 @@ + pf->patbrk=0; + pf->vbtick=pf->sngspd; + +- for (t=0;t<md_sngchn;t++) { ++ for (t=0;t<NUMVOICES(pf);t++) { + Voice_Stop_internal(t); + pf->voice[t].main.i=NULL; + pf->voice[t].main.s=NULL; +@@ -3138,7 +3145,7 @@ + pf->sngpos=pos; + pf->vbtick=pf->sngspd; + +- for (t=0;t<md_sngchn;t++) { ++ for (t=0;t<NUMVOICES(pf);t++) { + Voice_Stop_internal(t); + pf->voice[t].main.i=NULL; + pf->voice[t].main.s=NULL; |