From 6449bc9af2c0962e6f669f0cf3c6e44c92acada7 Mon Sep 17 00:00:00 2001
From: tildearrow
Date: Mon, 1 Jul 2024 05:44:28 -0500
Subject: [PATCH] S3M/IT/XM import: hardening
---
 src/engine/fileOps/it.cpp | 13 +++++++++++--
 src/engine/fileOps/s3m.cpp | 7 ++++++-
 src/engine/fileOps/xm.cpp | 22 +++++++++++++++-------
 3 files changed, 32 insertions(+), 10 deletions(-)
diff --git a/src/engine/fileOps/it.cpp b/src/engine/fileOps/it.cpp
index e54ea6534..908c01819 100644
--- a/src/engine/fileOps/it.cpp
+++ b/src/engine/fileOps/it.cpp
@@ -547,7 +547,7 @@ bool DivEngine::loadIT(unsigned char* file, size_t len) {
 reader.read(magic,4);
 if (memcmp(magic,"IMPS",4)!=0) {
- logE("invalid sample header!");
+ logW("invalid sample header!");
 lastError="invalid sample header";
 delete s;
 delete[] file;
@@ -575,7 +575,16 @@ bool DivEngine::loadIT(unsigned char* file, size_t len) {
 s->depth=DIV_SAMPLE_DEPTH_8BIT;
 }
- s->init((unsigned int)reader.readI());
+ unsigned int sampleLen=reader.readI();
+
+ if (sampleLen>16777216) {
+ logE("abnormal sample size! %x",reader.tell());
+ lastError="bad sample size";
+ delete[] file;
+ return false;
+ }
+
+ s->init(sampleLen);
 s->loopStart=reader.readI();
 s->loopEnd=reader.readI();
 s->centerRate=reader.readI()/2;
diff --git a/src/engine/fileOps/s3m.cpp b/src/engine/fileOps/s3m.cpp
index 9f041ec11..38cda26d1 100644
--- a/src/engine/fileOps/s3m.cpp
+++ b/src/engine/fileOps/s3m.cpp
@@ -414,7 +414,12 @@ bool DivEngine::loadS3M(unsigned char* file, size_t len) {
 unsigned int length=reader.readI();
- logV("length: %x",length);
+ if (length>16777216) {
+ logE("abnormal sample size! %x",reader.tell());
+ lastError="bad sample size";
+ delete[] file;
+ return false;
+ }
 DivSample* s=new DivSample;
diff --git a/src/engine/fileOps/xm.cpp b/src/engine/fileOps/xm.cpp
index d0353bf77..a7f638b9b 100644
--- a/src/engine/fileOps/xm.cpp
+++ b/src/engine/fileOps/xm.cpp
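Review bot: The new size check in the second it.cpp hunk returns without `delete s;`, although `s` is already live there (the context line `s->depth=DIV_SAMPLE_DEPTH_8BIT;` dereferences it) and the header-check error path in the first hunk frees it before `delete[] file;`. Unless `s` has been handed to the song in lines not shown, every file rejected for an oversized sample leaks one DivSample; add `delete s;` ahead of `delete[] file;` in the new branch. The literal 16777216 also appears in the s3m.cpp hunk, so a shared named constant with a short comment on why 16 MiB was chosen would keep both importers in step. loadIT's body starts and ends outside the hunk.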
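Review bot: The rejection message in the s3m.cpp hunk prints `reader.tell()` but not the rejected `length`, and the removed `logV("length: %x",length);` was the only line in the hunk that logged the value. Someone triaging a malformed or hostile module from the log would see where parsing stopped but not what size the file claimed; something like `logE("abnormal sample size %x at %x!",length,reader.tell());` would cover both. The same message is used in the second it.cpp hunk for `sampleLen`. loadS3M continues outside the hunk.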
@@ -204,6 +204,20 @@ bool DivEngine::loadXM(unsigned char* file, size_t len) {
 double bpm=(unsigned short)reader.readS();
 ds.subsong[0]->hz=(double)bpm/2.5;
+ if (ordersLen>256) {
+ logE("invalid order count!");
+ lastError="invalid order count";
+ delete[] file;
+ return false;
+ }
+
+ if (patCount>256) {
+ logE("too many patterns!");
+ lastError="too many patterns";
+ delete[] file;
+ return false;
+ }
+
 if (ds.insLen<0 || ds.insLen>256) {
 logE("invalid instrument count!");
 lastError="invalid instrument count";
@@ -435,8 +449,6 @@ bool DivEngine::loadXM(unsigned char* file, size_t len) {
 headerSeek=reader.tell();
 headerSeek+=reader.readI();
- logV("the freaking thing ends at %x",headerSeek);
-
 ins->name=reader.readStringLatin1(22);
 ins->type=DIV_INS_ES5506;
 ins->amiga.useNoteMap=true;
@@ -493,11 +505,7 @@ bool DivEngine::loadXM(unsigned char* file, size_t len) {
 unsigned short volFade=reader.readS();
 reader.readS(); // reserved
- logV("%d",vibType);
- logV("%d",vibSweep);
- logV("%d",vibDepth);
- logV("%d",vibRate);
- logV("volFade: %d",volFade);
+ logV("vibrato: %d %d %d %d",vibType,vibSweep,vibDepth,vibRate);
 // convert envelopes
 readEnvelope(ins,0,volType,volEnvLen,volLoopStart,volLoopEnd,volSusPoint,volEnv);
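Review bot: The two checks added in the first xm.cpp hunk test only an upper bound (`ordersLen>256`, `patCount>256`), while the neighbouring instrument check also rejects negative values (`ds.insLen<0 || ds.insLen>256`). The declarations of `ordersLen` and `patCount` are outside the hunk; if either is a signed type, a negative count read from the file would pass, so either mirror the lower bound or add a comment such as `// ordersLen/patCount are unsigned; only the upper bound can be violated`. Because `>256` admits 256 itself, it is also worth confirming that the tables these counts index hold 256 entries. loadXM's body extends beyond the hunk.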