Commit
Fix invalid memory accesses while loading .a2m files
Missing checks and wrong calculations in src/a2m.cpp cause multiple heap-based buffer overflows and out-of-bounds reads in heap, stack, and static data.

Bugs addressed in this commit:

* Check the number of patterns. Too big values can cause reads past the end of the len array.
* Reading a not packed data block with odd length will allocate a buffer which is one byte too small and write past the end of it (issue #88). Change the allocation/deallocation code to fix that in both places.
* Check that data blocks (after unpacking if applicable) are big enough for the expected data before accessing the memory.
* Ensure that the length byte for author, song name, and instrument names doesn't exceed the maximum size available.
* Also change the accessor functions for these strings to call the proper std::string constructors for char arrays.
* Avoid reads past the end of convfx/newconvfx arrays while converting track data.

This commit fixes CVE-2019-14732.

Fixes: #88
1 parent b5fb32c, commit 30ddcfe

Showing 2 changed files with 47 additions and 25 deletions.
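Three of the checks the commit message describes (rounding the allocation up for an odd-length unpacked block, verifying a block is big enough before reading it, and clamping a string's length byte to the space available), as an added C++ example. It is not the project's code; the function names and the buffer layout (16-bit word storage, a length byte followed by text) are assumptions.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical helpers, not taken from src/a2m.cpp.

// Number of 16-bit words needed to hold `bytes` bytes. Plain `bytes / 2`
// truncates for odd lengths and leaves the buffer one byte too small.
std::size_t words_for_bytes(std::size_t bytes) { return bytes / 2 + bytes % 2; }

// Copy an unpacked block of `len` bytes into word-sized storage.
// Returns false if the source holds fewer than `len` bytes.
bool load_unpacked(const std::uint8_t *src, std::size_t src_size,
                   std::size_t len, std::vector<std::uint16_t> &out) {
    if (len > src_size) return false;          // declared length exceeds input
    out.assign(words_for_bytes(len), 0);       // rounds up for odd len
    if (len != 0) std::memcpy(out.data(), src, len);  // len <= out.size() * 2
    return true;
}

// True if a block of `block_size` bytes can hold `count` records of
// `rec_size` bytes each; written as a division so it cannot overflow.
bool block_holds(std::size_t block_size, std::size_t count, std::size_t rec_size) {
    return rec_size == 0 || count <= block_size / rec_size;
}

// Length-prefixed string: field[0] is the length byte, the text follows.
// The length byte comes from the file, so clamp it to the field's capacity.
std::string prefixed_string(const char *field, std::size_t field_size) {
    if (field_size == 0) return std::string();
    std::size_t avail = field_size - 1;
    std::size_t len = std::min<std::size_t>(static_cast<unsigned char>(field[0]), avail);
    return std::string(field + 1, len);        // (pointer, count) constructor
}
```
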