This patch is from upstream:
https://github.com/milkytracker/MilkyTracker/commit/fd607a3439fcdd0992e5efded3c16fc79c804e34

commit fd607a3439fcdd0992e5efded3c16fc79c804e34
Author: Christopher O'Neill <code@chrisoneill.co.uk>
Date:   Tue Jul 30 19:11:58 2019 +0100

    Fix #184: Heap overflow in S3M loader

diff --git a/src/milkyplay/LoaderS3M.cpp b/src/milkyplay/LoaderS3M.cpp
index 5abf211..edf0fd5 100644
--- a/src/milkyplay/LoaderS3M.cpp
+++ b/src/milkyplay/LoaderS3M.cpp
@@ -340,7 +340,11 @@ mp_sint32 LoaderS3M::load(XMFileBase& f, XModule* module)
 		return MP_OUT_OF_MEMORY;
 	
 	header->insnum = f.readWord(); // number of instruments
-	header->patnum = f.readWord(); // number of patterns	
+	if (header->insnum > MP_MAXINS)
+		return MP_LOADER_FAILED;
+	header->patnum = f.readWord(); // number of patterns
+	if (header->patnum > 256)
+		return MP_LOADER_FAILED;
 	
 	mp_sint32 flags = f.readWord(); // st3 flags
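Review bot: The pattern bound in `if (header->patnum > 256)` is a bare literal, while the instrument check just above it uses the named `MP_MAXINS`. If the project defines a constant for the pattern table's capacity, the check should use it so the limit cannot drift from the array it protects. A short comment such as `// reject counts that exceed the fixed-size module tables (heap overflow, #184)` would also record why both checks exist. Separately, the `return MP_OUT_OF_MEMORY;` context line directly above suggests a buffer was allocated just before these reads; if load() still owns it at this point, the two new `return MP_LOADER_FAILED;` paths should release it first. That allocation is not visible in the hunk, and load() starts and ends outside it, so this needs confirming against the full function.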