2886
|
1 |
--- libmikmod-3.2.0-beta2/loaders/load_it.c.orig 2010-07-22 16:02:16.000000000 +0200
|
|
2 |
+++ libmikmod-3.2.0-beta2-patch/loaders/load_it.c 2010-07-22 16:07:48.000000000 +0200
|
|
3 |
@@ -743,6 +743,8 @@ BOOL IT_Load(BOOL curious)
|
|
4 |
#define IT_LoadEnvelope(name,type) \
|
|
5 |
ih. name##flg =_mm_read_UBYTE(modreader); \
|
|
6 |
ih. name##pts =_mm_read_UBYTE(modreader); \
|
|
7 |
+ if (ih. name##pts > ITENVCNT) \
|
|
8 |
+ ih. name##pts = ITENVCNT; \
|
|
9 |
ih. name##beg =_mm_read_UBYTE(modreader); \
|
|
10 |
ih. name##end =_mm_read_UBYTE(modreader); \
|
|
11 |
ih. name##susbeg=_mm_read_UBYTE(modreader); \
|
|
12 |
@@ -756,6 +758,8 @@ BOOL IT_Load(BOOL curious)
|
|
13 |
#define IT_LoadEnvelope(name,type) \
|
|
14 |
ih. name/**/flg =_mm_read_UBYTE(modreader); \
|
|
15 |
ih. name/**/pts =_mm_read_UBYTE(modreader); \
|
|
16 |
+ if (ih. name/**/pts > ITENVCNT) \
|
|
17 |
+ ih. name/**/pts = ITENVCNT; \
|
|
18 |
ih. name/**/beg =_mm_read_UBYTE(modreader); \
|
|
19 |
ih. name/**/end =_mm_read_UBYTE(modreader); \
|
|
20 |
ih. name/**/susbeg=_mm_read_UBYTE(modreader); \
|
|
21 |
@@ -862,10 +866,6 @@ BOOL IT_Load(BOOL curious)
|
|
22 |
#endif
|
|
23 |
|
|
24 |
IT_ProcessEnvelope(vol);
|
|
25 |
- /* fix for CVE-2009-3995 */
|
|
26 |
- if (ih.volpts>= ENVPOINTS)
|
|
27 |
- ih.volpts = ENVPOINTS-1;
|
|
28 |
-
|
|
29 |
for(u=0;u<ih.volpts;u++)
|
|
30 |
d->volenv[u].val=(ih.volnode[u]<<2);
|
|
31 |
|