Olaf Hering
4526e3b58c
vulnerability that could have been exploited using specially crafted SPC music files. [CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961, bsc#1015941] OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libgme?expand=0&rev=14
52 lines
1.4 KiB
Diff
52 lines
1.4 KiB
Diff
diff -rubB gme-old/Spc_Cpu.h gme/Spc_Cpu.h
|
|
Index: game-music-emu-0.6.0/gme/Spc_Cpu.h
|
|
===================================================================
|
|
--- game-music-emu-0.6.0.orig/gme/Spc_Cpu.h 2016-12-16 12:06:53.981779435 +0100
|
|
+++ game-music-emu-0.6.0/gme/Spc_Cpu.h 2016-12-16 12:09:35.995506135 +0100
|
|
@@ -76,8 +76,8 @@ Inc., 51 Franklin Street, Fifth Floor, B
|
|
// TODO: remove non-wrapping versions?
|
|
#define SPC_NO_SP_WRAPAROUND 0
|
|
|
|
-#define SET_SP( v ) (sp = ram + 0x101 + (v))
|
|
-#define GET_SP() (sp - 0x101 - ram)
|
|
+#define SET_SP( v ) (sp = ram + 0x101 + ((uint8_t) v))
|
|
+#define GET_SP() (uint8_t) (sp - 0x101 - ram)
|
|
|
|
#if SPC_NO_SP_WRAPAROUND
|
|
#define PUSH16( v ) (sp -= 2, SET_LE16( sp, v ))
|
|
@@ -485,7 +485,7 @@ loop:
|
|
|
|
case 0xAF: // MOV (X)+,A
|
|
WRITE_DP( 0, x, a + no_read_before_write );
|
|
- x++;
|
|
+ x = (uint8_t) (x + 1);
|
|
goto loop;
|
|
|
|
// 5. 8-BIT LOGIC OPERATION COMMANDS
|
|
@@ -808,7 +808,7 @@ loop:
|
|
unsigned temp = y * a;
|
|
a = (uint8_t) temp;
|
|
nz = ((temp >> 1) | temp) & 0x7F;
|
|
- y = temp >> 8;
|
|
+ y = (uint8_t) (temp >> 8);
|
|
nz |= y;
|
|
goto loop;
|
|
}
|
|
@@ -838,6 +838,7 @@ loop:
|
|
|
|
nz = (uint8_t) a;
|
|
a = (uint8_t) a;
|
|
+ y = (uint8_t) y;
|
|
|
|
goto loop;
|
|
}
|
|
@@ -1004,7 +1005,7 @@ loop:
|
|
case 0x7F: // RET1
|
|
temp = *sp;
|
|
SET_PC( GET_LE16( sp + 1 ) );
|
|
- sp += 3;
|
|
+ SET_SP(GET_SP() + 3);
|
|
goto set_psw;
|
|
case 0x8E: // POP PSW
|
|
POP( temp );
|