Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add missing checks while loading .bmf files (CxadbmfPlayer, src/bmf.cpp)
There are no checks validating the integrity of .bmf files in the methods CxadbmfPlayer::xadplayer_load() and CxadbmfPlayer::__bmf_convert_stream() used to load them. A broken or malicious .bmf file can easily cause invalid memory accesses.

This commit addresses the following issues:

* Add checks whether the input buffer has enough data available before accessing it in many places. Abort loading otherwise.
* Replace unlimited strcpy for instrument names with code that doesn't overflow the destination buffer.
* Check index when loading instrument data in BMF0_9B files.
* Fail loading if number of streams encoded in version BMF0_9B files exceeds the maximum.
* Don't overflow buffer if stream is too long.

This fixes CVE-2019-14690.

Fixes: #85
Fixes: #93
1 parent a4c53e5, commit d7f3a04

Showing 2 changed files with 122 additions and 66 deletions.
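
The kinds of checks the commit message lists (a length check before each read, a bounded replacement for strcpy, an index check and a count limit), shown as an added C++ example that is not the code from this commit. The record layout, the limits and all names (`Cursor`, `read_u8`, `read_name`, `load_instruments`) are assumptions, and the sample inputs are constructed.

```cpp
#include <cstddef>
#include <cstring>
// All names, limits and the record layout below are assumptions for illustration.
constexpr std::size_t kMaxInstruments = 32;
constexpr std::size_t kNameSize = 11;
struct Instrument { char name[kNameSize]; };
struct Cursor { const unsigned char *data; std::size_t size, pos; };

// Read one byte, failing instead of reading past the end of the input.
static bool read_u8(Cursor &c, unsigned char &out) {
    if (c.pos >= c.size) return false;
    out = c.data[c.pos++];
    return true;
}

// Bounded stand-in for strcpy: the terminator must exist inside the input,
// and over-long names are truncated to fit dst (always NUL-terminated).
static bool read_name(Cursor &c, char (&dst)[kNameSize]) {
    const unsigned char *start = c.data + c.pos;
    const void *nul = std::memchr(start, 0, c.size - c.pos);
    if (!nul) return false;  // input ended before the terminator
    std::size_t len = static_cast<const unsigned char *>(nul) - start;
    std::size_t n = len < kNameSize - 1 ? len : kNameSize - 1;
    std::memcpy(dst, start, n);
    dst[n] = '\0';
    c.pos += len + 1;  // skip the name and its terminator
    return true;
}

// Constructed layout: [count], then count records of [index][name NUL].
static bool load_instruments(const unsigned char *buf, std::size_t size,
                             Instrument (&bank)[kMaxInstruments]) {
    Cursor c{buf, size, 0};
    unsigned char count = 0, index = 0;
    if (!read_u8(c, count) || count > kMaxInstruments) return false;
    for (unsigned i = 0; i < count; ++i) {
        if (!read_u8(c, index) || index >= kMaxInstruments) return false;
        if (!read_name(c, bank[index].name)) return false;
    }
    return true;
}
// Constructed sample inputs, not real .bmf data.
static const unsigned char kGood[] = {1, 2, 'l', 'e', 'a', 'd', 0};
static const unsigned char kBadIndex[] = {1, 40, 'x', 0};    // index out of range
static const unsigned char kTruncated[] = {1, 2, 'l', 'e'};  // name never terminated
static Instrument g_bank[kMaxInstruments];
int main() {  // exit status 0 when all three samples behave as expected
    return load_instruments(kGood, sizeof kGood, g_bank) &&
           !load_instruments(kBadIndex, sizeof kBadIndex, g_bank) &&
           !load_instruments(kTruncated, sizeof kTruncated, g_bank) ? 0 : 1;
}
```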