You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27 lines
926 B
27 lines
926 B
This patch is from upstream:
|
|
https://github.com/milkytracker/MilkyTracker/commit/fd607a3439fcdd0992e5efded3c16fc79c804e34
|
|
|
|
commit fd607a3439fcdd0992e5efded3c16fc79c804e34
|
|
Author: Christopher O'Neill <code@chrisoneill.co.uk>
|
|
Date: Tue Jul 30 19:11:58 2019 +0100
|
|
|
|
Fix #184: Heap overflow in S3M loader
|
|
|
|
diff --git a/src/milkyplay/LoaderS3M.cpp b/src/milkyplay/LoaderS3M.cpp
|
|
index 5abf211..edf0fd5 100644
|
|
--- a/src/milkyplay/LoaderS3M.cpp
|
|
+++ b/src/milkyplay/LoaderS3M.cpp
|
|
@@ -340,7 +340,11 @@ mp_sint32 LoaderS3M::load(XMFileBase& f, XModule* module)
|
|
return MP_OUT_OF_MEMORY;
|
|
|
|
header->insnum = f.readWord(); // number of instruments
|
|
- header->patnum = f.readWord(); // number of patterns
|
|
+ if (header->insnum > MP_MAXINS)
|
|
+ return MP_LOADER_FAILED;
|
|
+ header->patnum = f.readWord(); // number of patterns
|
|
+ if (header->patnum > 256)
|
|
+ return MP_LOADER_FAILED;
|
|
|
|
mp_sint32 flags = f.readWord(); // st3 flags
|
|
|