111 lines
3 KiB
Diff
111 lines
3 KiB
Diff
This patch fixes "buffer overflow due to md_numchn - ID: 1630158"
|
|
|
|
--- playercode/mplayer.c 2007-12-15 01:26:28.000000000 -0800
|
|
+++ playercode/mplayer.c 2009-10-04 23:48:36.000000000 -0700
|
|
@@ -52,6 +52,8 @@
|
|
will wait */
|
|
/*static*/ MODULE *pf = NULL;
|
|
|
|
+#define NUMVOICES(mod) (md_sngchn < (mod)->numvoices ? md_sngchn : (mod)->numvoices)
|
|
+
|
|
#define HIGH_OCTAVE 2 /* number of above-range octaves */
|
|
|
|
static UWORD oldperiods[OCTAVE*2]={
|
|
@@ -248,14 +250,14 @@
|
|
MP_VOICE *a;
|
|
ULONG t,k,tvol,pp;
|
|
|
|
- for (t=0;t<md_sngchn;t++)
|
|
+ for (t=0;t<NUMVOICES(mod);t++)
|
|
if (((mod->voice[t].main.kick==KICK_ABSENT)||
|
|
(mod->voice[t].main.kick==KICK_ENV))&&
|
|
Voice_Stopped_internal(t))
|
|
return t;
|
|
|
|
tvol=0xffffffUL;t=-1;a=mod->voice;
|
|
- for (k=0;k<md_sngchn;k++,a++) {
|
|
+ for (k=0;k<NUMVOICES(mod);k++,a++) {
|
|
/* allow us to take over a nonexisting sample */
|
|
if (!a->main.s)
|
|
return k;
|
|
@@ -2249,12 +2251,12 @@
|
|
|
|
switch (dat) {
|
|
case 0x0: /* past note cut */
|
|
- for (t=0;t<md_sngchn;t++)
|
|
+ for (t=0;t<NUMVOICES(mod);t++)
|
|
if (mod->voice[t].master==a)
|
|
mod->voice[t].main.fadevol=0;
|
|
break;
|
|
case 0x1: /* past note off */
|
|
- for (t=0;t<md_sngchn;t++)
|
|
+ for (t=0;t<NUMVOICES(mod);t++)
|
|
if (mod->voice[t].master==a) {
|
|
mod->voice[t].main.keyoff|=KEY_OFF;
|
|
if ((!(mod->voice[t].venv.flg & EF_ON))||
|
|
@@ -2263,7 +2265,7 @@
|
|
}
|
|
break;
|
|
case 0x2: /* past note fade */
|
|
- for (t=0;t<md_sngchn;t++)
|
|
+ for (t=0;t<NUMVOICES(mod);t++)
|
|
if (mod->voice[t].master==a)
|
|
mod->voice[t].main.keyoff|=KEY_FADE;
|
|
break;
|
|
@@ -2318,7 +2320,7 @@
|
|
SAMPLE *s;
|
|
|
|
mod->totalchn=mod->realchn=0;
|
|
- for (channel=0;channel<md_sngchn;channel++) {
|
|
+ for (channel=0;channel<NUMVOICES(mod);channel++) {
|
|
aout=&mod->voice[channel];
|
|
i=aout->main.i;
|
|
s=aout->main.s;
|
|
@@ -2736,7 +2738,7 @@
|
|
if (a->dct!=DCT_OFF) {
|
|
int t;
|
|
|
|
- for (t=0;t<md_sngchn;t++)
|
|
+ for (t=0;t<NUMVOICES(mod);t++)
|
|
if ((!Voice_Stopped_internal(t))&&
|
|
(mod->voice[t].masterchn==channel)&&
|
|
(a->main.sample==mod->voice[t].main.sample)) {
|
|
@@ -2978,6 +2980,11 @@
|
|
if (!(mod->voice=(MP_VOICE*)_mm_calloc(md_sngchn,sizeof(MP_VOICE))))
|
|
return 1;
|
|
|
|
+ /* mod->numvoices was used during loading to clamp md_sngchn.
|
|
+ After loading it's used to remember how big mod->voice is.
|
|
+ */
|
|
+ mod->numvoices = md_sngchn;
|
|
+
|
|
Player_Init_internal(mod);
|
|
return 0;
|
|
}
|
|
@@ -3086,7 +3093,7 @@
|
|
pf->patbrk=0;
|
|
pf->vbtick=pf->sngspd;
|
|
|
|
- for (t=0;t<md_sngchn;t++) {
|
|
+ for (t=0;t<NUMVOICES(pf);t++) {
|
|
Voice_Stop_internal(t);
|
|
pf->voice[t].main.i=NULL;
|
|
pf->voice[t].main.s=NULL;
|
|
@@ -3111,7 +3118,7 @@
|
|
pf->patbrk=0;
|
|
pf->vbtick=pf->sngspd;
|
|
|
|
- for (t=0;t<md_sngchn;t++) {
|
|
+ for (t=0;t<NUMVOICES(pf);t++) {
|
|
Voice_Stop_internal(t);
|
|
pf->voice[t].main.i=NULL;
|
|
pf->voice[t].main.s=NULL;
|
|
@@ -3138,7 +3145,7 @@
|
|
pf->sngpos=pos;
|
|
pf->vbtick=pf->sngspd;
|
|
|
|
- for (t=0;t<md_sngchn;t++) {
|
|
+ for (t=0;t<NUMVOICES(pf);t++) {
|
|
Voice_Stop_internal(t);
|
|
pf->voice[t].main.i=NULL;
|
|
pf->voice[t].main.s=NULL;
|