From 4bfd9de37188652afe3d91e86b971c46196ce947 Mon Sep 17 00:00:00 2001
From: Misa
Date: Fri, 14 Aug 2020 02:02:16 -0700
Subject: [PATCH] Check index of tracks in musicclass::init()

It's possible that musicReadBlob.getIndex() could return the sentinel value of -1 in case the header with that name is invalid, in which case we should simply not do anything. Otherwise it'll lead to segfaults. I opted to do the full bounds check just to be safe, too. For further safety, I hardcoded the max number of headers, 128, less, so 128 is copy-pasted less and in the future if it needs to be changed it'll only have to be changed in one place.
---
 desktop_version/src/BinaryBlob.h | 6 ++++--
 desktop_version/src/Music.cpp | 11 +++++++----
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/desktop_version/src/BinaryBlob.h b/desktop_version/src/BinaryBlob.h
index b2e933c9..3bd9087d 100644
--- a/desktop_version/src/BinaryBlob.h
+++ b/desktop_version/src/BinaryBlob.h
@@ -55,10 +55,12 @@ public:
 void clear();
+ static const int max_headers = 128;
+
 private:
 int numberofHeaders;
- resourceheader m_headers[128];
- char* m_memblocks[128];
+ resourceheader m_headers[max_headers];
+ char* m_memblocks[max_headers];
 };
diff --git a/desktop_version/src/Music.cpp b/desktop_version/src/Music.cpp
index 095f6f2e..5f3d9070 100644
--- a/desktop_version/src/Music.cpp
+++ b/desktop_version/src/Music.cpp
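Review bot: In the BinaryBlob.h hunk, making `max_headers` public so that callers can range-check leaves `m_headers[]` and `m_memblocks[]` protected only where a call site remembers to do it. The accessors used from Music.cpp, `getAddress(index)` and `getSize(index)`, are defined outside this patch, so it is worth confirming they reject an index outside `0 .. max_headers - 1` themselves, presumably by returning NULL and 0. The constant is also the array capacity rather than the count held in `numberofHeaders`, so a check against it does not show that the slot was actually loaded; a comment on the declaration such as `/* capacity of m_headers/m_memblocks, not the number of valid headers */` would make that explicit.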
@@ -80,12 +80,15 @@ void musicclass::init()
 #define FOREACH_TRACK(track_name) \
 index = musicReadBlob.getIndex(track_name); \
- rw = SDL_RWFromMem(musicReadBlob.getAddress(index), musicReadBlob.getSize(index)); \
- musicTracks.push_back(MusicTrack( rw ));
+ if (index >= 0 && index < musicReadBlob.max_headers) \
+ { \
+ rw = SDL_RWFromMem(musicReadBlob.getAddress(index), musicReadBlob.getSize(index)); \
+ musicTracks.push_back(MusicTrack( rw )); \
+ }
 TRACK_NAMES
- num_mmmmmm_tracks += 16;
+ num_mmmmmm_tracks += musicTracks.size();
 const std::vector extra = musicReadBlob.getExtra();
 for (size_t i = 0; i < extra.size(); i++)
@@ -108,7 +111,7 @@ void musicclass::init()
 #undef FOREACH_TRACK
- num_pppppp_tracks += 16;
+ num_pppppp_tracks += musicTracks.size() - num_mmmmmm_tracks;
 const std::vector extra = musicReadBlob.getExtra();
 for (size_t i = 0; i < extra.size(); i++)
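Review bot: Skipping a track whose lookup fails in `FOREACH_TRACK` leaves `musicTracks` shorter than the name list, so every later track moves down a slot and both counters (`num_mmmmmm_tracks` here, `num_pppppp_tracks` in the second hunk) can drop below 16. Any code that selects music by a fixed track number, which is not visible in this patch, would then pick the wrong entry or index past the end, so pushing an empty placeholder track or failing the load would keep positions stable. Inside the new braces the result of `SDL_RWFromMem` still goes to `MusicTrack` unchecked, and SDL returns NULL there for a null buffer or a zero size, so unless the constructor already copes it needs `if (rw != NULL)` around the `push_back`. The `extra` loops after each hunk have their bodies outside the visible lines and should be checked for the same unguarded `getAddress`/`getSize` calls; `musicclass::init()` itself starts and ends outside both hunks.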