Oob read fixes

configure.ac

@@ -1,8 +1,8 @@
 dnl Process this file with autoconf to produce a configure script.
 
-AC_PREREQ(2.63)
+AC_PREREQ([2.71])
 
-AC_INIT([libmodplug], [0.8.9.0])
+AC_INIT([libmodplug],[0.8.9.1])
 AC_CONFIG_SRCDIR([Makefile.am])
 
 AM_INIT_AUTOMAKE
@@ -12,12 +12,6 @@ AC_CONFIG_MACRO_DIR([m4])
 AM_MAINTAINER_MODE([enable])
 
 dnl Checks for programs.
-dnl  I am disabling static libraries here because otherwise libtool insists on
-dnl  compiling everything twice -- once with and once without -fPIC.  Pisses me
-dnl  off.  Just do everything with -fPIC, damnit!  Compiling everything twice
-dnl  probably wastes more cycles than not using -fPIC saves.
-AC_DISABLE_STATIC
-AC_DISABLE_STATIC([])
 AC_PROG_CC
 AC_PROG_CXX
 AC_LANG([C++])
@@ -27,7 +21,15 @@ AC_C_BIGENDIAN
 #AC_PROG_LIBTOOL
 LT_INIT([win32-dll])
 
-AC_HEADER_STDC
+m4_warn([obsolete],
+[The preprocessor macro `STDC_HEADERS' is obsolete.
+  Except in unusual embedded environments, you can safely include all
+  ISO C90 headers unconditionally.])dnl
+# Autoupdate added the next two lines to ensure that your configure
+# script's behavior did not change.  They are probably safe to remove.
+AC_CHECK_INCLUDES_DEFAULT
+AC_PROG_EGREP
+
 AC_CHECK_HEADERS([inttypes.h stdint.h malloc.h])
 AC_CHECK_FUNCS(setenv sinf)
 
@@ -55,11 +57,8 @@ esac
 ac_save_CXXFLAGS="$CXXFLAGS"
 CXXFLAGS="$CXXFLAGS -fvisibility=hidden -Werror"
 AC_CACHE_CHECK([if compiler supports visibility attributes],[libmodplug_cv_gcc_visibility],
-	AC_TRY_COMPILE([void foo(void);
-__attribute__((visibility("default"))) void foo(void) {}],
-		[],
-		[libmodplug_cv_gcc_visibility=yes],
-		[libmodplug_cv_gcc_visibility=no])
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[void foo(void);
+__attribute__((visibility("default"))) void foo(void) {}]], [[]])],[libmodplug_cv_gcc_visibility=yes],[libmodplug_cv_gcc_visibility=no])
 	)
 # we want symbol -fvisibility for elf targets, however it works
 # with darwin/macho too.  other than that, windows, dos and os2

src/load_669.cpp

@@ -35,7 +35,7 @@ typedef struct tagSAMPLE669
 	BYTE loopend[4];
 } SAMPLE669;
 
-DWORD lengthArrayToDWORD(const BYTE length[4]) {
+static DWORD lengthArrayToDWORD(const BYTE length[4]) {
 	DWORD len = (length[3] << 24) +
 		(length[2] << 16) +
 		(length[1] << 8) +

src/load_abc.cpp

@@ -810,6 +810,10 @@ static int abc_transpose(const char *v)
 		if( j ) {
 			while( *v && *v != ' ' && *v != ']' ) v++;
 		}
+
+		// Already reached the end of the string..
+		if (!*v)
+			break;
 	}
 	if( strlen(mv) > 0 ) // someone set the middle note
 		t += abc_interval(mv, m);
@@ -1282,6 +1286,9 @@ static int abc_add_noteon(ABCHANDLE *h, int ch, const char *p, uint32_t tracktim
 			i = 0;
 			break;
 	}
+	// nothing good inside - early exit
+	if ( n == 0 )
+		return 0;
 	for( k=0; k<51; k++ ) {
 		if( n == barkey[k] )
 			break;
@@ -1484,7 +1491,7 @@ static void	abc_add_chord(const char *p, ABCHANDLE *h, ABCTRACK *tp, uint32_t tr
 			d[chordnote] = i;
 			break;
 		}
-	p++;
+	if (*p) p++;
 	switch(*p) {
 		case 'b':
 			d[chordnote]--;
@@ -1506,7 +1513,7 @@ static void	abc_add_chord(const char *p, ABCHANDLE *h, ABCTRACK *tp, uint32_t tr
 				d[chordbase] = i;
 				break;
 			}
-		p++;
+		if (*p) p++;
 		switch(*p) {
 			case 'b':
 				d[chordbase]--;
@@ -1655,6 +1662,7 @@ static int abc_notelen(const char *p, int *len, int *div)
 	else k = 1;
 	*div = h * k;
 	if ( *div > 4096 ) *div = 4096;
+	if ( *div <= 0 ) *div = 1;
 	return i;
 }
 
@@ -2004,7 +2012,7 @@ static uint32_t abc_fade_tracks(ABCHANDLE *h, char *abcparts, uint32_t ptt[27])
 			tp->slidevoltime = e0->tracktick;
 		}
 		tp->mute = 0; // unmute track for safety, notes in a muted track already have zero volume...
-		while( vol > 5 ) {
+		while( vol > 5 && tp->slidevoltime != 0) {
 			for( p=abcparts; *p && vol > 5; p++ ) {
 				pt1 = ptt[*p-'A'];
 				pt2 = ptt[*p-'A'+1];
@@ -2023,7 +2031,7 @@ static void abc_song_to_parts(ABCHANDLE *h, char **abcparts, BYTE partp[27][2])
 	ABCEVENT *e;
 	int i, fading, loop, normal, partno, partsegno, partloop, partcoda, parttocoda, partfine, skip, x, y;
 	int vmask[27],nextp[27];
-	uint32_t ptt[27];
+	uint32_t ptt[27] = {};
 	char buf[256];	// must be enough, mod's cannot handle more than 240 patterns
 	char *pfade;
 	if( !h || !h->track || !h->track->capostart ) return;
@@ -2147,7 +2155,8 @@ static void abc_song_to_parts(ABCHANDLE *h, char **abcparts, BYTE partp[27][2])
 			if( buf[i] != buf[i-1] + 1 ) {
 				x = buf[i-1] - 'A';
 				y = buf[i] - 'A';
-				abc_keeptiednotes(h, ptt[x+1], ptt[y]);
+				if (x < 26 && y < 26)
+					abc_keeptiednotes(h, ptt[x+1], ptt[y]);
 			}
 		}
 	}
@@ -2220,6 +2229,8 @@ static void abc_substitute(ABCHANDLE *h, char *target, char *s)
 			strcpy(p,s);
 			for( q=p+l; *q; q++ ) *p++ = *q;
 		}
+		// ensure end of string is initialized
+		*p = 0;
 	}
 }
 
@@ -2239,7 +2250,7 @@ static void abc_preprocess(ABCHANDLE *h, ABCMACRO *m)
 				a = m->subst[j];
 				if( a > 'g' && islower(a) ) {
 					b = a - 'n';
-					a = "CDEFGABCDEFGABcdefgabcdefgab"[i+b+7];
+					a = "CDEFGABCDEFGABcdefgabcdefgabcdefgab"[i+b+7];
 					*p++ = a;
 					if( i+b < 0 )
 						*p++ = ',';
@@ -2290,12 +2301,12 @@ static int abc_parse_decorations(ABCHANDLE *h, ABCTRACK *tp, const char *p)
 	if( !strncmp(p,"sfz",3) ) vol = 100;
 	if( *p == 'p' ) {
 		vol = 60;
-		while( *p++ == 'p' ) vol -= 15;
+		while( *p && *p++ == 'p' ) vol -= 15;
 		if( vol < 1 ) vol = 1;
 	}
 	if( *p == 'f' ) {
 		vol = 105;
-		while( *p++ == 'f' ) vol += 15;
+		while( *p && *p++ == 'f' ) vol += 15;
 		if( vol > 135 ) vol = 127;	// ffff
 		if( vol > 127 ) vol = 125;	// fff
 	}
@@ -2379,7 +2390,7 @@ static ABCHANDLE *ABC_Init(void)
 	return retval;
 }
 
-static void ABC_CleanupTrack(ABCTRACK *tp)
+static void ABC_CleanupTrackEvents(ABCTRACK *tp)
 {
 	ABCEVENT *ep, *en;
 	if( tp ) {
@@ -2408,7 +2419,8 @@ static void ABC_CleanupTracks(ABCHANDLE *handle)
 	if(handle) {
 		for( tp=handle->track; tp; tp = tn ) {
 			tn=tp->next;
-			ABC_CleanupTrack(tp);
+			ABC_CleanupTrackEvents(tp);
+			free(tp);
 		}
 		handle->track = NULL;
 	}
@@ -3391,6 +3403,7 @@ static int abc_partpat_to_orderlist(BYTE partp[27][2], const char *abcparts, ABC
 	if( abcparts ) {
 		partsused = 0;
 		for( p = abcparts; *p; p++ ) {
+			if (*p < 'A' || *p > 'Z') break;
 			for( t = partp[*p - 'A'][0]; t < partp[*p - 'A'][1]; t++ ) {
 				if( orderlen == ordersize ) {
 					ordersize <<= 1;
@@ -3572,8 +3585,8 @@ BOOL CSoundFile::ReadABC(const uint8_t *lpStream, DWORD dwMemLength)
 	char	*line, *p, *pp, ch, ch0=0;
 	char barsig[52];	// for propagated accidental key signature within bar
 	char *abcparts;
-	uint8_t partpat[27][2], *orderlist;
-	int orderlen;
+	uint8_t partpat[27][2], *orderlist = NULL;
+	int orderlen = 0;
 	enum { NOWHERE, INBETWEEN, INHEAD, INBODY, INSKIPFORX, INSKIPFORQUOTE } abcstate;
 	ABCEVENT_JUMPTYPE j;
 	ABCEVENT_X_EFFECT abceffect;
@@ -3663,8 +3676,6 @@ BOOL CSoundFile::ReadABC(const uint8_t *lpStream, DWORD dwMemLength)
 	abc_init_partpat(partpat);
 	abc_MIDI_beat(h, ""); // reset beat array
 	abc_MIDI_beatstring(h, ""); // reset beatstring
-	orderlist  = NULL;
-	orderlen   = 0;
 	mmsp       = 1;
 	mmstack[0] = mmfile;
 	mmfseek(mmfile,0,SEEK_SET);
@@ -3687,7 +3698,7 @@ BOOL CSoundFile::ReadABC(const uint8_t *lpStream, DWORD dwMemLength)
 	while( mmsp > 0 ) {
 		mmsp--;
 		while((line=abc_gets(h, mmstack[mmsp]))) {
-			char blankline[3] = "%%";
+			char blankline[3] = "% ";
 			for( p=line; isspace(*p); p++ ) ;
 			switch(abcstate) {
 				case INSKIPFORX:
@@ -3800,7 +3811,7 @@ BOOL CSoundFile::ReadABC(const uint8_t *lpStream, DWORD dwMemLength)
 						sprintf(barsig, "%s%s", sig[abckey], sig[abckey]);	// reset the key signature
 						p = abc_skip_word(p+2);
 						h->ktrans = abc_transpose(p);
-						*p = '%'; // force skip rest of line
+						p = blankline; // force skip rest of line
 						if( snotelen == 0 ) {	// calculate default notelen from meter M:
 							if( mnotediv == 0 ) mnotediv = mnotelen = 1;	// do'nt get nuked
 							snotelen = 100 * mnotelen / mnotediv;
@@ -3893,7 +3904,7 @@ BOOL CSoundFile::ReadABC(const uint8_t *lpStream, DWORD dwMemLength)
 						sprintf(barsig, "%s%s", sig[abckey], sig[abckey]);	// reset the key signature
 						p = abc_skip_word(p+2);
 						h->ktrans = abc_transpose(p);
-						*p = '%';	// make me skip the rest of the line....
+						p = blankline;	// make me skip the rest of the line....
 					}
 					if( !strncmp(p,"L:",2) ) {
 						sscanf(p+2," %d / %d", &snotelen, &snotediv);
@@ -3934,7 +3945,8 @@ BOOL CSoundFile::ReadABC(const uint8_t *lpStream, DWORD dwMemLength)
 					char *pm = p;
 					if (mmstack[mmsp]->pos < dwMemLength) {
 						pm = abc_continuated(h, mmstack[mmsp], p);
-						abc_new_macro(h, pm+2);
+						if (pm+2)
+							abc_new_macro(h, pm+2);
 					}
 					if( pm != p ) {
 						free(pm);
@@ -4060,7 +4072,7 @@ BOOL CSoundFile::ReadABC(const uint8_t *lpStream, DWORD dwMemLength)
 					// plough thru the songline gathering mos....
 					ch0 = ' ';
 					pp = 0;
-					while( (ch = *p++) ) {
+					while( *p && (ch = *p++) ) {
 						if( !pp && isalpha(ch) && *p != ':' ) { // maybe a macro
 							for( mp=h->umacro; mp; mp=mp->next ) {
 								if( ch == mp->name[0] ) {
@@ -4156,15 +4168,15 @@ BOOL CSoundFile::ReadABC(const uint8_t *lpStream, DWORD dwMemLength)
 									break;
 								}
 								if( *p && strchr("abcdefgABCDEFG^_=",*p) ) {
-									int cnl[8],cnd[8],vnl,nl0=0,nd0=0,barticks;	// for chords with notes of varying length
+									int cnl[8]={},cnd[8]={},vnl,nl0=0,nd0=0,barticks;	// for chords with notes of varying length
 									barticks = notelen_notediv_to_ticks(h->speed,1,mnotediv);
 									if (barticks == 0) barticks = 1;
 									abcchord = 0;
 									vnl = 0;
 									h->tp = abc_check_track(h, h->tp);
 									abc_track_clear_tiedvpos(h);
 									abcbeatvol = abc_beat_vol(h, abcvol, (h->tracktime - bartime)/barticks);
-									while( (ch=*p++) && (ch != ']') ) {
+									while( *p && (ch=*p++) && (ch != ']') ) {
 										h->tp = abc_locate_track(h, h->tp->v, abcchord? abcchord+DRONEPOS2: 0);
 										p += abc_add_noteon(h, ch, p, h->tracktime, barsig, abcbeatvol, abceffect, abceffoper);
 										p += abc_notelen(p, &notelen, &notediv);
@@ -4332,7 +4344,7 @@ BOOL CSoundFile::ReadABC(const uint8_t *lpStream, DWORD dwMemLength)
 								int barticks = notelen_notediv_to_ticks(h->speed,1,mnotediv);
 								if (barticks == 0) barticks = 1;
 								abcbeatvol = abc_beat_vol(h, abcvol, (h->tracktime - bartime)/barticks);
-								while( (ch=*p++) && (ch != '}') ) {
+								while( *p && (ch=*p++) && (ch != '}') ) {
 									p += abc_add_noteon(h, ch, p, h->tracktime+abcgrace, barsig, abcbeatvol, none, 0);
 									p += abc_notelen(p, &notelen, &notediv);
 									if( *p=='-' ) {
@@ -4418,7 +4430,7 @@ BOOL CSoundFile::ReadABC(const uint8_t *lpStream, DWORD dwMemLength)
  									if( h->tp == h->tpc ) abc_add_chord(p, h, h->tpc, h->tracktime); // only do chords for one voice
 								}
 								abcto = 0;
-								while( (ch=*p++) && (ch != '"') ) {
+								while( *p && (ch=*p++) && (ch != '"') ) {
 									if( !strncasecmp(p,"fade",4) && h->track && h->track->slidevol > -2 )
 										abc_globalslide(h, h->tracktime, -2); // set volumeslide to fade away...
 									if( !strncasecmp(p,"to coda",7) ) {
@@ -4627,7 +4639,7 @@ BOOL CSoundFile::ReadABC(const uint8_t *lpStream, DWORD dwMemLength)
 								else {
 									h->tp = abc_check_track(h, h->tp);
 									abcvol = abc_parse_decorations(h, h->tp, p);
-									while( (ch=*p++) && (ch != '+') )
+									while( *p && (ch=*p++) && (ch != '+') )
 										;
 								}
 								break;
@@ -4760,8 +4772,8 @@ BOOL CSoundFile::ReadABC(const uint8_t *lpStream, DWORD dwMemLength)
 	}
 	ABC_CleanupMacros(h);	// we dont need them anymore
 	if( !h->track ) {
-		char buf[10];
-		sprintf(buf,"%u",abcxnumber);
+		char buf[11];
+		sprintf(buf,"%u", abcxnumber);
 		abc_message("abc X:%s has no body", buf);
 		h->track = abc_check_track(h, h->track); // for sanity...
 	}

src/load_amf.cpp

@@ -310,15 +310,20 @@ BOOL CSoundFile::ReadAMF(LPCBYTE lpStream, const DWORD dwMemLength)
 	// Setup sequence list
 	for (UINT iOrd=0; iOrd<MAX_ORDERS; iOrd++)
 	{
+		if (dwMemPos + 4 > dwMemLength) return TRUE;
 		Order[iOrd] = 0xFF;
 		if (iOrd < pfh->numorders)
 		{
 			Order[iOrd] = iOrd;
 			PatternSize[iOrd] = 64;
 			if (pfh->version >= 14)
 			{
+				if (dwMemPos + m_nChannels * sizeof(USHORT) + 2 > dwMemLength) return FALSE;
 				PatternSize[iOrd] = bswapLE16(*(USHORT *)(lpStream+dwMemPos));
 				dwMemPos += 2;
+			} else
+			{
+				if (dwMemPos + m_nChannels * sizeof(USHORT) > dwMemLength) return FALSE;
 			}
 			ptracks[iOrd] = (USHORT *)(lpStream+dwMemPos);
 			dwMemPos += m_nChannels * sizeof(USHORT);