[audacious-plugins/f14/master] - Patch adplug core loaders a bit to prevent stupid crashes when loading either damaged or incorre
Michael Schwendt
mschwendt at fedoraproject.org
Mon Jan 17 12:58:30 UTC 2011
commit 2baf6ce95d5a8d7e050297f2a5034863f389698c
Author: Michael Schwendt <mschwendt at fedoraproject.org>
Date: Mon Jan 17 13:58:18 2011 +0100
- Patch adplug core loaders a bit to prevent stupid crashes when
loading either damaged or incorrectly parsed files into the playlist.
- Require at least Audacious 2.4.3 (for uri_to_filename).
audacious-plugins-2.4.3-adplug-invalid.patch | 87 ++++++++++++++++++++++++++
audacious-plugins.spec | 9 ++-
2 files changed, 94 insertions(+), 2 deletions(-)
---
diff --git a/audacious-plugins-2.4.3-adplug-invalid.patch b/audacious-plugins-2.4.3-adplug-invalid.patch
new file mode 100644
index 0000000..459feb5
--- /dev/null
+++ b/audacious-plugins-2.4.3-adplug-invalid.patch
@@ -0,0 +1,87 @@
+diff -Nur audacious-plugins-2.4.3-orig/src/adplug/core/protrack.cxx audacious-plugins-2.4.3/src/adplug/core/protrack.cxx
+--- audacious-plugins-2.4.3-orig/src/adplug/core/protrack.cxx 2011-01-12 12:13:26.000000000 +0100
++++ audacious-plugins-2.4.3/src/adplug/core/protrack.cxx 2011-01-17 13:19:00.741968142 +0100
+@@ -266,6 +266,10 @@
+ else
+ track--;
+
++ if (track >= npats*nchans) { // prevent overflow
++ songend = 1;
++ return !songend;
++ }
+ AdPlug_LogWrite ("%3d%3d%2X%2X%2X|", tracks[track][row].note,
+ tracks[track][row].inst, tracks[track][row].command,
+ tracks[track][row].param1, tracks[track][row].param2);
+diff -Nur audacious-plugins-2.4.3-orig/src/adplug/core/rol.cxx audacious-plugins-2.4.3/src/adplug/core/rol.cxx
+--- audacious-plugins-2.4.3-orig/src/adplug/core/rol.cxx 2011-01-12 12:13:26.000000000 +0100
++++ audacious-plugins-2.4.3/src/adplug/core/rol.cxx 2011-01-17 13:42:22.000000000 +0100
+@@ -257,6 +257,9 @@
+ TVolumeEvents &vEvents = voiceData.volume_events;
+ TPitchEvents &pEvents = voiceData.pitch_events;
+
++ if (iEvents.empty()) {
++ return; // prevent out-of-bounds access
++ }
+ if( !(voiceData.mEventStatus & CVoiceData::kES_InstrEnd ) &&
+ iEvents[voiceData.next_instrument_event].time == mCurrTick )
+ {
+@@ -271,6 +274,9 @@
+ }
+ }
+
++ if (vEvents.empty()) {
++ return; // prevent out-of-bounds access
++ }
+ if( !(voiceData.mEventStatus & CVoiceData::kES_VolumeEnd ) &&
+ vEvents[voiceData.next_volume_event].time == mCurrTick )
+ {
+@@ -314,6 +320,9 @@
+ }
+ }
+
++ if (pEvents.empty()) {
++ return; // prevent out-of-bounds access
++ }
+ if( !(voiceData.mEventStatus & CVoiceData::kES_PitchEnd ) &&
+ pEvents[voiceData.next_pitch_event].time == mCurrTick )
+ {
+@@ -454,6 +463,9 @@
+ {
+ int16 const num_tempo_events = f->readInt( 2 );
+
++ if (num_tempo_events<0) {
++ return;
++ }
+ mTempoEvents.reserve( num_tempo_events );
+
+ for(int i=0; i<num_tempo_events; ++i)
+@@ -538,6 +550,9 @@
+ binistream *bnk_file, SBnkHeader const &bnk_header )
+ {
+ int16 const number_of_instrument_events = f->readInt( 2 );
++ if (number_of_instrument_events<0) {
++ return;
++ }
+
+ TInstrumentEvents &instrument_events = voice.instrument_events;
+
+@@ -563,6 +578,9 @@
+ void CrolPlayer::load_volume_events( binistream *f, CVoiceData &voice )
+ {
+ int16 const number_of_volume_events = f->readInt( 2 );
++ if (number_of_volume_events<0) {
++ return;
++ }
+
+ TVolumeEvents &volume_events = voice.volume_events;
+
+@@ -583,6 +601,9 @@
+ void CrolPlayer::load_pitch_events( binistream *f, CVoiceData &voice )
+ {
+ int16 const number_of_pitch_events = f->readInt( 2 );
++ if (number_of_pitch_events<0) {
++ return;
++ }
+
+ TPitchEvents &pitch_events = voice.pitch_events;
+
diff --git a/audacious-plugins.spec b/audacious-plugins.spec
index 4e4e76a..e1dbe39 100644
--- a/audacious-plugins.spec
+++ b/audacious-plugins.spec
@@ -6,7 +6,7 @@
Name: audacious-plugins
Version: 2.4.3
-Release: 2%{?dist}
+Release: 1%{?dist}.pl1
Summary: Plugins for the Audacious audio player
Group: Applications/Multimedia
URL: http://audacious-media-player.org/
@@ -24,6 +24,8 @@ Source1: audacious-sid.desktop
Patch0: audacious-plugins-2.0.1-xmms-skindir.patch
# Fedora customization: fix hardcoded libdir replacement
Patch1: audacious-plugins-2.4-libdir.patch
+# reported/mentioned upstream
+Patch2: audacious-plugins-2.4.3-adplug-invalid.patch
#
Patch8: audacious-plugins-2.4.2-libnotify07.patch
@@ -133,6 +135,7 @@ providers may build it with libsidplay 2 instead.
%setup -q -n audacious-plugins-fedora-%{version}
%patch0 -p1 -b .xmms-skindir
%patch1 -p1 -b .libdir
+%patch2 -p1 -b .adplug-invalid
%if 0%{?fedora} > 14
%patch8 -p1 -b .libnotify07
%endif
@@ -225,7 +228,9 @@ update-desktop-database &> /dev/null || :
%changelog
-* Sun Jan 16 2011 Michael Schwendt <mschwendt at fedoraproject.org> - 2.4.3-2
+* Mon Jan 17 2011 Michael Schwendt <mschwendt at fedoraproject.org> - 2.4.3-1.pl1
+- Patch adplug core loaders a bit to prevent stupid crashes when
+ loading either damaged or incorrectly parsed files into the playlist.
- Require at least Audacious 2.4.3 (for uri_to_filename).
* Fri Jan 14 2011 Michael Schwendt <mschwendt at fedoraproject.org> - 2.4.3-1
More information about the scm-commits
mailing list