Fix security vulnerability: add bounds check for numCoefficients

When building with NDEBUG, asserts are eliminated, which could
lead to buffer overflow via out-of-bounds access to m_msadpcmCoefficients.
This adds explicit bounds checks that remain even when assertions are disabled.

Similar to the fix for CVE-2018-13440 in the original AudioFile library.
yannaingtun 2025-03-04 10:54:12 +08:00
parent 9921382a68
commit 7dd0f121e4
1 changed files with 5 additions and 1 deletions

@ -11183,7 +11183,11 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size)
/* numCoefficients should be at least 7. */
assert(numCoefficients >= 7 && numCoefficients <= 255);
if (numCoefficients < 7 || numCoefficients > 255)
{
_af_error(AF_BAD_HEADER, "Bad number of coefficients");
return AF_FAIL;
}
m_msadpcmNumCoefficients = numCoefficients;
for (int i=0; i<m_msadpcmNumCoefficients; i++)
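Review bot: The upper bound 255 in the new `if (numCoefficients < 7 || numCoefficients > 255)` is a magic number that nothing in this hunk ties to the declared size of m_msadpcmCoefficients; express it through that array's size (a named constant or an element count) so the check cannot drift from the buffer it protects. The assert directly above carries the same condition: if it stays, a malformed header aborts debug builds before the AF_BAD_HEADER path runs, so debug and NDEBUG builds handle the same file differently, and since the value comes from untrusted file input rather than a programming error the assert can be dropped. Including the rejected value in the _af_error message would also make bad files easier to triage.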