Skip to content
Permalink
Browse files Browse the repository at this point in the history
[Fix] Possible out-of-bounds read when computing length of some IT fi…
…les with pattern loops (OpenMPT: formats that are converted to IT, libopenmpt: IT/ITP/MO3), caught with afl-fuzz.

git-svn-id: https://source.openmpt.org/svn/openmpt/trunk/OpenMPT@10027 56274372-70c3-4bfc-bfc3-4c3a0b034d27
  • Loading branch information
sagamusix committed Apr 7, 2018
1 parent 5449bed commit 7ebf02a
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion soundlib/Snd_fx.cpp
Expand Up @@ -1204,7 +1204,8 @@ std::vector<GetLengthType> CSoundFile::GetLength(enmGetLengthResetMode adjustMod
if(GetType() == MOD_TYPE_IT)
{
// IT pattern loop start row update - at the end of a pattern loop, set pattern loop start to next row (for upcoming pattern loops with missing SB0)
for(CHANNELINDEX nChn = 0; nChn < GetNumChannels(); nChn++)
pChn = playState.Chn;
for(CHANNELINDEX nChn = 0; nChn < GetNumChannels(); nChn++, pChn++)
{
if((pChn->rowCommand.command == CMD_S3MCMDEX && pChn->rowCommand.param >= 0xB1 && pChn->rowCommand.param <= 0xBF))
{
Expand Down

0 comments on commit 7ebf02a

Please sign in to comment.