Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add missing checks when loading and playing .mkj files
Fix the following issues in src/mkj.cpp: * Check number of channels before loading instruments data. This fixes a heap-based buffer overflow in CmkjPlayer::load() (issue #87). * Check number of notes befor calculating size of song data to avoid interger overflows as well as out-of-bounds reads later in update(). (Size of song data vs. used data is really hilarious, but that's the way it is.) * Fail loading if there was an error while reading file data. * Also in update(), end the song if invalid data is encountered. That avoids integer overflows or out-of-range OPL writes. This commit fixes CVE-2019-14692. Fixes: #87
- Loading branch information
1 parent
b48ac59
commit b5fb32c
Showing
1 changed file
with
26 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters