Commit
Fix invalid memory accesses and add missing checks in src/dtm.cpp
There are several issues when loading .dtm files which can lead to invalid memory accesses. This patch fixes the following:

* In CdtmLoader::load(), ensure that title and author strings are properly terminated to avoid out-of-bounds reads.
* Check that the number of instruments is valid. This avoids a heap-based buffer overflow (see issue #86).
* Reading the description string could overflow a stack buffer by 1 byte and write past the end of the array into an adjacent class member (which is only initialized later). Get rid of the stack buffer and truncate the description if necessary.
* Fail loading when an error is detected while trying to read data from the file or while decoding RLE data.
* Check the argument of CdtmLoader::getinstrument() to avoid out-of-bound accesses.

This fixes CVE-2019-14691.

Fixes: #86
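The classes of check listed in the commit message, shown as an added example that is not AdPlug's code and not part of this commit. The file layout, the constants `kTitleLen`, `kMaxInst` and `kDescMax`, and every function name below are assumptions made for illustration; the real .dtm format differs.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Constructed layout for illustration, NOT the real .dtm format:
// [20-byte title, NUL optional][instrument count][desc length][desc bytes]
constexpr size_t kTitleLen = 20;
constexpr size_t kMaxInst = 128;  // assumed capacity of the instrument table
constexpr size_t kDescMax = 80;   // desc[] holds 79 chars + NUL

struct Module {
    char title[kTitleLen + 1] = {};
    char desc[kDescMax] = {};
    std::vector<std::string> inst;
};

// Returns false on truncated input or an out-of-range instrument count.
bool load_module(const std::vector<uint8_t>& buf, Module& m) {
    size_t pos = 0;
    if (buf.size() < kTitleLen + 2) return false;   // short read: fail the load
    std::memcpy(m.title, buf.data(), kTitleLen);
    m.title[kTitleLen] = '\0';                      // terminate even if the file did not
    pos += kTitleLen;

    size_t ninst = buf[pos++];
    if (ninst > kMaxInst) return false;             // validate before sizing anything

    size_t dlen = buf[pos++];
    if (buf.size() - pos < dlen) return false;      // declared length exceeds the data
    size_t keep = dlen < kDescMax - 1 ? dlen : kDescMax - 1;
    std::memcpy(m.desc, buf.data() + pos, keep);    // truncate, leaving room for NUL
    m.desc[keep] = '\0';

    m.inst.assign(ninst, "instrument");
    return true;
}

// Bounds-checked accessor: an out-of-range index yields an empty string.
std::string get_instrument(const Module& m, size_t n) {
    return n < m.inst.size() ? m.inst[n] : std::string();
}

// Constructed sample input: title filled with 'T' and no NUL byte.
std::vector<uint8_t> make_sample(uint8_t ninst, uint8_t dlen, size_t actual) {
    std::vector<uint8_t> b(kTitleLen, 'T');
    b.push_back(ninst);
    b.push_back(dlen);
    b.insert(b.end(), actual, 'd');
    return b;
}
```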
1 parent d7f3a04, commit b48ac59
Showing 1 changed file with 34 additions and 13 deletions.