[audacious-plugins/f14/master] - Patch adplug core loaders a bit to prevent stupid crashes when loading either damaged or incorre

Michael Schwendt mschwendt at fedoraproject.org
Mon Jan 17 12:58:30 UTC 2011 

commit 2baf6ce95d5a8d7e050297f2a5034863f389698c
Author: Michael Schwendt <mschwendt at fedoraproject.org>
Date:   Mon Jan 17 13:58:18 2011 +0100

    - Patch adplug core loaders a bit to prevent stupid crashes when
      loading either damaged or incorrectly parsed files into the playlist.
    - Require at least Audacious 2.4.3 (for uri_to_filename).

 audacious-plugins-2.4.3-adplug-invalid.patch |   87 ++++++++++++++++++++++++++
 audacious-plugins.spec                       |    9 ++-
 2 files changed, 94 insertions(+), 2 deletions(-)
---
diff --git a/audacious-plugins-2.4.3-adplug-invalid.patch b/audacious-plugins-2.4.3-adplug-invalid.patch
new file mode 100644
index 0000000..459feb5
--- /dev/null
+++ b/audacious-plugins-2.4.3-adplug-invalid.patch
@@ -0,0 +1,87 @@
+diff -Nur audacious-plugins-2.4.3-orig/src/adplug/core/protrack.cxx audacious-plugins-2.4.3/src/adplug/core/protrack.cxx
+--- audacious-plugins-2.4.3-orig/src/adplug/core/protrack.cxx	2011-01-12 12:13:26.000000000 +0100
++++ audacious-plugins-2.4.3/src/adplug/core/protrack.cxx	2011-01-17 13:19:00.741968142 +0100
+@@ -266,6 +266,10 @@
+     else
+       track--;
+ 
++    if (track >= npats*nchans) {  // prevent overflow
++        songend = 1;
++        return !songend;
++    }
+     AdPlug_LogWrite ("%3d%3d%2X%2X%2X|", tracks[track][row].note,
+                      tracks[track][row].inst, tracks[track][row].command,
+                      tracks[track][row].param1, tracks[track][row].param2);
+diff -Nur audacious-plugins-2.4.3-orig/src/adplug/core/rol.cxx audacious-plugins-2.4.3/src/adplug/core/rol.cxx
+--- audacious-plugins-2.4.3-orig/src/adplug/core/rol.cxx	2011-01-12 12:13:26.000000000 +0100
++++ audacious-plugins-2.4.3/src/adplug/core/rol.cxx	2011-01-17 13:42:22.000000000 +0100
+@@ -257,6 +257,9 @@
+     TVolumeEvents      &vEvents = voiceData.volume_events;
+     TPitchEvents       &pEvents = voiceData.pitch_events;
+ 
++    if (iEvents.empty()) {
++        return;  // prevent out-of-bounds access
++    }
+     if( !(voiceData.mEventStatus & CVoiceData::kES_InstrEnd ) &&
+         iEvents[voiceData.next_instrument_event].time == mCurrTick )
+     {
+@@ -271,6 +274,9 @@
+         }
+     }
+ 
++    if (vEvents.empty()) {
++        return;  // prevent out-of-bounds access
++    }
+     if( !(voiceData.mEventStatus & CVoiceData::kES_VolumeEnd ) &&
+         vEvents[voiceData.next_volume_event].time == mCurrTick )
+     {
+@@ -314,6 +320,9 @@
+         }
+     }
+ 
++    if (pEvents.empty()) {
++        return;  // prevent out-of-bounds access
++    }
+     if( !(voiceData.mEventStatus & CVoiceData::kES_PitchEnd ) &&
+         pEvents[voiceData.next_pitch_event].time == mCurrTick )
+     {
+@@ -454,6 +463,9 @@
+ {
+     int16 const num_tempo_events = f->readInt( 2 );
+ 
++    if (num_tempo_events<0) {
++        return;
++    }
+     mTempoEvents.reserve( num_tempo_events );
+ 
+     for(int i=0; i<num_tempo_events; ++i)
+@@ -538,6 +550,9 @@
+                                          binistream *bnk_file, SBnkHeader const &bnk_header )
+ {
+     int16 const number_of_instrument_events = f->readInt( 2 );
++    if (number_of_instrument_events<0) {
++        return;
++    }
+ 
+     TInstrumentEvents &instrument_events = voice.instrument_events;
+ 
+@@ -563,6 +578,9 @@
+ void CrolPlayer::load_volume_events( binistream *f, CVoiceData &voice )
+ {
+     int16 const number_of_volume_events = f->readInt( 2 );
++    if (number_of_volume_events<0) {
++        return;
++    }
+ 
+     TVolumeEvents &volume_events = voice.volume_events;
+ 
+@@ -583,6 +601,9 @@
+ void CrolPlayer::load_pitch_events( binistream *f, CVoiceData &voice )
+ {
+     int16 const number_of_pitch_events = f->readInt( 2 );
++    if (number_of_pitch_events<0) {
++        return;
++    }
+ 
+     TPitchEvents &pitch_events = voice.pitch_events;
+ 
diff --git a/audacious-plugins.spec b/audacious-plugins.spec
index 4e4e76a..e1dbe39 100644
--- a/audacious-plugins.spec
+++ b/audacious-plugins.spec
@@ -6,7 +6,7 @@
 
 Name: audacious-plugins
 Version: 2.4.3
-Release: 2%{?dist}
+Release: 1%{?dist}.pl1
 Summary: Plugins for the Audacious audio player
 Group: Applications/Multimedia
 URL: http://audacious-media-player.org/
@@ -24,6 +24,8 @@ Source1: audacious-sid.desktop
 Patch0: audacious-plugins-2.0.1-xmms-skindir.patch
 # Fedora customization: fix hardcoded libdir replacement
 Patch1: audacious-plugins-2.4-libdir.patch
+# reported/mentioned upstream
+Patch2: audacious-plugins-2.4.3-adplug-invalid.patch
 #
 Patch8: audacious-plugins-2.4.2-libnotify07.patch
 
@@ -133,6 +135,7 @@ providers may build it with libsidplay 2 instead.
 %setup -q -n audacious-plugins-fedora-%{version}
 %patch0 -p1 -b .xmms-skindir
 %patch1 -p1 -b .libdir
+%patch2 -p1 -b .adplug-invalid
 %if 0%{?fedora} > 14
 %patch8 -p1 -b .libnotify07
 %endif
@@ -225,7 +228,9 @@ update-desktop-database &> /dev/null || :
 
 
 %changelog
-* Sun Jan 16 2011 Michael Schwendt <mschwendt at fedoraproject.org> - 2.4.3-2
+* Mon Jan 17 2011 Michael Schwendt <mschwendt at fedoraproject.org> - 2.4.3-1.pl1
+- Patch adplug core loaders a bit to prevent stupid crashes when
+  loading either damaged or incorrectly parsed files into the playlist.
 - Require at least Audacious 2.4.3 (for uri_to_filename).
 
 * Fri Jan 14 2011 Michael Schwendt <mschwendt at fedoraproject.org> - 2.4.3-1

More information about the scm-commits mailing list