ref: 566c9876c74f170ee0fdb1e0eb33147581f3d490
parent: 23e78e17f4970638108f8a740a8d82d043d8b185
author: Chris Moeller <kode54@gmail.com>
date: Fri Oct 9 13:59:30 EDT 2015
Fix issue #15 / CVE-2006-3668
--- a/dumb/src/it/itread.c
+++ b/dumb/src/it/itread.c
@@ -290,12 +290,15 @@
envelope->flags = dumbfile_getc(f);
envelope->n_nodes = dumbfile_getc(f);
+ if(envelope->n_nodes > 25) {+ TRACE("IT error: wrong number of envelope nodes (%d)\n", envelope->n_nodes);+ envelope->n_nodes = 0;
+ return -1;
+ }
envelope->loop_start = dumbfile_getc(f);
envelope->loop_end = dumbfile_getc(f);
envelope->sus_loop_start = dumbfile_getc(f);
envelope->sus_loop_end = dumbfile_getc(f);
- if (envelope->n_nodes > 25)
- envelope->n_nodes = 25;
for (n = 0; n < envelope->n_nodes; n++) {envelope->node_y[n] = dumbfile_getc(f);
envelope->node_t[n] = dumbfile_igetw(f);