diff options
Diffstat (limited to 'media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-1449x.patch')
-rw-r--r-- | media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-1449x.patch | 104 |
1 files changed, 0 insertions, 104 deletions
diff --git a/media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-1449x.patch b/media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-1449x.patch deleted file mode 100644 index 0560cd2b825b..000000000000 --- a/media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-1449x.patch +++ /dev/null @@ -1,104 +0,0 @@ -This patch is from upstream: -https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7 - -commit ea7772a3fae0a9dd0a322e8fec441d15843703b7 -Author: Christopher O'Neill <code@chrisoneill.co.uk> -Date: Tue Jul 30 18:40:03 2019 +0100 - - Fixes for buffer overflow issues #182 & #183 - -diff --git a/src/milkyplay/LoaderXM.cpp b/src/milkyplay/LoaderXM.cpp -index 108d915..f87f5c1 100644 ---- a/src/milkyplay/LoaderXM.cpp -+++ b/src/milkyplay/LoaderXM.cpp -@@ -63,8 +63,8 @@ const char* LoaderXM::identifyModule(const mp_ubyte* buffer) - mp_sint32 LoaderXM::load(XMFileBase& f, XModule* module) - { - mp_ubyte insData[230]; -- mp_sint32 smpReloc[96]; -- mp_ubyte nbu[96]; -+ mp_sint32 smpReloc[MP_MAXINSSAMPS]; -+ mp_ubyte nbu[MP_MAXINSSAMPS]; - mp_uint32 fileSize = 0; - - module->cleanUp(); -@@ -117,6 +117,8 @@ mp_sint32 LoaderXM::load(XMFileBase& f, XModule* module) - memcpy(header->ord, hdrBuff+16, 256); - if(header->ordnum > MP_MAXORDERS) - header->ordnum = MP_MAXORDERS; -+ if(header->insnum > MP_MAXINS) -+ return MP_LOADER_FAILED; - - delete[] hdrBuff; - -@@ -143,7 +145,7 @@ mp_sint32 LoaderXM::load(XMFileBase& f, XModule* module) - f.read(&instr[y].type,1,1); - mp_uword numSamples = 0; - f.readWords(&numSamples,1); -- if(numSamples > 96) -+ if(numSamples > MP_MAXINSSAMPS) - return MP_LOADER_FAILED; - instr[y].samp = numSamples; - -@@ -169,8 +171,8 @@ mp_sint32 LoaderXM::load(XMFileBase& f, XModule* module) - if (instr[y].samp) { - mp_ubyte* insDataPtr = insData; - -- memcpy(nbu, insDataPtr, 96); -- insDataPtr+=96; -+ memcpy(nbu, insDataPtr, MP_MAXINSSAMPS); -+ insDataPtr+=MP_MAXINSSAMPS; - - TEnvelope venv; - TEnvelope penv; -@@ -285,7 +287,7 @@ mp_sint32 LoaderXM::load(XMFileBase& f, XModule* module) - - instr[y].samp = g; - -- for (sc = 0; sc < 96; sc++) { -+ for (sc = 0; sc < MP_MAXINSSAMPS; sc++) { - if (smpReloc[nbu[sc]] == -1) - instr[y].snum[sc] = -1; - else -@@ -491,6 +493,8 @@ mp_sint32 LoaderXM::load(XMFileBase& f, XModule* module) - f.read(&instr[y].type,1,1); - f.readWords(&instr[y].samp,1); - } -+ if (instr[y].samp > MP_MAXINSSAMPS) -+ return MP_LOADER_FAILED; - - //printf("%i, %i\n", instr[y].size, instr[y].samp); - -@@ -532,8 +536,8 @@ mp_sint32 LoaderXM::load(XMFileBase& f, XModule* module) - - //f.read(&nbu,1,96); - -- memcpy(nbu, insDataPtr, 96); -- insDataPtr+=96; -+ memcpy(nbu, insDataPtr, MP_MAXINSSAMPS); -+ insDataPtr+=MP_MAXINSSAMPS; - - TEnvelope venv; - TEnvelope penv; -@@ -650,7 +654,7 @@ mp_sint32 LoaderXM::load(XMFileBase& f, XModule* module) - - instr[y].samp = g; - -- for (sc = 0; sc < 96; sc++) { -+ for (sc = 0; sc < MP_MAXINSSAMPS; sc++) { - if (smpReloc[nbu[sc]] == -1) - instr[y].snum[sc] = -1; - else -diff --git a/src/milkyplay/XModule.h b/src/milkyplay/XModule.h -index f42d04b..4f04a2d 100644 ---- a/src/milkyplay/XModule.h -+++ b/src/milkyplay/XModule.h -@@ -40,6 +40,8 @@ - - #define MP_MAXTEXT 32 - #define MP_MAXORDERS 256 -+#define MP_MAXINS 255 -+#define MP_MAXINSSAMPS 96 - - struct TXMHeader - { |