Fix heap buffer overflow in MXM loader

See issue #35. Fixes id_000089,sig_06,src_000041,op_havoc,rep_64
milkytracker · Oct 17, 2017 · 40e0126 · 40e0126
1 parent a8babe6
commit 40e0126
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/milkyplay/LoaderMXM.cpp b/src/milkyplay/LoaderMXM.cpp
@@ -189,7 +189,11 @@ mp_sint32 LoaderMXM::load(XMFileBase& f, XModule* module)
 	MXMHeader.samples16 = f.readDword();
 	MXMHeader.lowpitch = f.readDword();
 	MXMHeader.highpitch = f.readDword();
-	f.read(MXMHeader.panpos,1,32);		
+
+	if(MXMHeader.ordnum > 256 || MXMHeader.patnum > 256 || MXMHeader.insnum > 256)
+		return MP_LOADER_FAILED;
+
+	f.read(MXMHeader.panpos,1,32);
 
 	f.read(&header->ord, 1, 256);