dfdc7a3091
Copy from multimedia:libs/libmikmod based on submit request 27748 from user tiwai OBS-URL: https://build.opensuse.org/request/show/27748 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libmikmod?expand=0&rev=12
114 lines
3.4 KiB
Diff
114 lines
3.4 KiB
Diff
This patch fixes "buffer overflow due to md_numchn - ID: 1630158"
|
|
|
|
Index: libmikmod-3.1.12/playercode/mplayer.c
|
|
===================================================================
|
|
--- libmikmod-3.1.12.orig/playercode/mplayer.c
|
|
+++ libmikmod-3.1.12/playercode/mplayer.c
|
|
@@ -52,6 +52,8 @@ extern long int random(void);
|
|
will wait */
|
|
/*static*/ MODULE *pf = NULL;
|
|
|
|
+#define NUMVOICES(mod) (md_sngchn < (mod)->numvoices ? md_sngchn : (mod)->numvoices)
|
|
+
|
|
#define HIGH_OCTAVE 2 /* number of above-range octaves */
|
|
|
|
static UWORD oldperiods[OCTAVE*2]={
|
|
@@ -248,14 +250,14 @@ static int MP_FindEmptyChannel(MODULE *m
|
|
MP_VOICE *a;
|
|
ULONG t,k,tvol,pp;
|
|
|
|
- for (t=0;t<md_sngchn;t++)
|
|
+ for (t=0;t<NUMVOICES(mod);t++)
|
|
if (((mod->voice[t].main.kick==KICK_ABSENT)||
|
|
(mod->voice[t].main.kick==KICK_ENV))&&
|
|
Voice_Stopped_internal(t))
|
|
return t;
|
|
|
|
tvol=0xffffffUL;t=-1;a=mod->voice;
|
|
- for (k=0;k<md_sngchn;k++,a++) {
|
|
+ for (k=0;k<NUMVOICES(mod);k++,a++) {
|
|
/* allow us to take over a nonexisting sample */
|
|
if (!a->main.s)
|
|
return k;
|
|
@@ -2249,12 +2251,12 @@ static void DoNNAEffects(MODULE *mod, MP
|
|
|
|
switch (dat) {
|
|
case 0x0: /* past note cut */
|
|
- for (t=0;t<md_sngchn;t++)
|
|
+ for (t=0;t<NUMVOICES(mod);t++)
|
|
if (mod->voice[t].master==a)
|
|
mod->voice[t].main.fadevol=0;
|
|
break;
|
|
case 0x1: /* past note off */
|
|
- for (t=0;t<md_sngchn;t++)
|
|
+ for (t=0;t<NUMVOICES(mod);t++)
|
|
if (mod->voice[t].master==a) {
|
|
mod->voice[t].main.keyoff|=KEY_OFF;
|
|
if ((!(mod->voice[t].venv.flg & EF_ON))||
|
|
@@ -2263,7 +2265,7 @@ static void DoNNAEffects(MODULE *mod, MP
|
|
}
|
|
break;
|
|
case 0x2: /* past note fade */
|
|
- for (t=0;t<md_sngchn;t++)
|
|
+ for (t=0;t<NUMVOICES(mod);t++)
|
|
if (mod->voice[t].master==a)
|
|
mod->voice[t].main.keyoff|=KEY_FADE;
|
|
break;
|
|
@@ -2318,7 +2320,7 @@ void pt_UpdateVoices(MODULE *mod, int ma
|
|
SAMPLE *s;
|
|
|
|
mod->totalchn=mod->realchn=0;
|
|
- for (channel=0;channel<md_sngchn;channel++) {
|
|
+ for (channel=0;channel<NUMVOICES(mod);channel++) {
|
|
aout=&mod->voice[channel];
|
|
i=aout->main.i;
|
|
s=aout->main.s;
|
|
@@ -2736,7 +2738,7 @@ void pt_NNA(MODULE *mod)
|
|
if (a->dct!=DCT_OFF) {
|
|
int t;
|
|
|
|
- for (t=0;t<md_sngchn;t++)
|
|
+ for (t=0;t<NUMVOICES(mod);t++)
|
|
if ((!Voice_Stopped_internal(t))&&
|
|
(mod->voice[t].masterchn==channel)&&
|
|
(a->main.sample==mod->voice[t].main.sample)) {
|
|
@@ -2978,6 +2980,11 @@ BOOL Player_Init(MODULE* mod)
|
|
if (!(mod->voice=(MP_VOICE*)_mm_calloc(md_sngchn,sizeof(MP_VOICE))))
|
|
return 1;
|
|
|
|
+ /* mod->numvoices was used during loading to clamp md_sngchn.
|
|
+ After loading it's used to remember how big mod->voice is.
|
|
+ */
|
|
+ mod->numvoices = md_sngchn;
|
|
+
|
|
Player_Init_internal(mod);
|
|
return 0;
|
|
}
|
|
@@ -3086,7 +3093,7 @@ MIKMODAPI void Player_NextPosition(void)
|
|
pf->patbrk=0;
|
|
pf->vbtick=pf->sngspd;
|
|
|
|
- for (t=0;t<md_sngchn;t++) {
|
|
+ for (t=0;t<NUMVOICES(pf);t++) {
|
|
Voice_Stop_internal(t);
|
|
pf->voice[t].main.i=NULL;
|
|
pf->voice[t].main.s=NULL;
|
|
@@ -3111,7 +3118,7 @@ MIKMODAPI void Player_PrevPosition(void)
|
|
pf->patbrk=0;
|
|
pf->vbtick=pf->sngspd;
|
|
|
|
- for (t=0;t<md_sngchn;t++) {
|
|
+ for (t=0;t<NUMVOICES(pf);t++) {
|
|
Voice_Stop_internal(t);
|
|
pf->voice[t].main.i=NULL;
|
|
pf->voice[t].main.s=NULL;
|
|
@@ -3138,7 +3145,7 @@ MIKMODAPI void Player_SetPosition(UWORD
|
|
pf->sngpos=pos;
|
|
pf->vbtick=pf->sngspd;
|
|
|
|
- for (t=0;t<md_sngchn;t++) {
|
|
+ for (t=0;t<NUMVOICES(pf);t++) {
|
|
Voice_Stop_internal(t);
|
|
pf->voice[t].main.i=NULL;
|
|
pf->voice[t].main.s=NULL;
|