[Vm-dev] [OpenSmalltalk/opensmalltalk-vm] Potential buffer overrun in sqwin32midi.c (IntelliSense C6386) (#336)

Nicolas Cellier notifications at github.com
Tue Jan 1 21:47:28 UTC 2019


On line 366 and following:

        case ControlCmd: /* Read a control command */
          channel = (dwParam1 >> 8) & 0xFF;
          value =  (dwParam1 >> 16) & 0xFF;
          port->cache.sqControllers[channel] = value;

channel may reach a value of 255 (0xFF),
but the cache is dimensioned 128 near line 142:

    /***************************************************************
     * Controller value caches -- This is the minimum complement
     * A "larger" driver would cache 128*16 controllers and 128*16 key pressures
     */
    typedef struct sqControllerCache {
      unsigned char sqControllers[128];  /* Controller value table */
      unsigned char sqKeyPressures[128]; /* Polyphonic key pressure table */
      unsigned char sqChanPressures[16]; /* Channel pressure value table */
      int sqPitchBend[16];               /* The value of the pitch wheel */
    } sqControllerCache;

Maybe use & 0x7F to be sure?

-- 
https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/336
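
Added example, not part of the original message or of the opensmalltalk-vm source: two ways to keep the store from the issue inside sqControllers[], using the struct as quoted above. The helper names and the sample dwParam1 values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Cache layout as quoted in the issue. */
typedef struct sqControllerCache {
  unsigned char sqControllers[128];  /* Controller value table */
  unsigned char sqKeyPressures[128]; /* Polyphonic key pressure table */
  unsigned char sqChanPressures[16]; /* Channel pressure value table */
  int sqPitchBend[16];               /* The value of the pitch wheel */
} sqControllerCache;

/* Bound derived from the declaration, so it follows any resize. */
#define CTRL_SLOTS (sizeof(((sqControllerCache *)0)->sqControllers))

/* Hypothetical helper: reject an out-of-range index, leaving the cache
 * untouched. Returns 0 on store, -1 on rejection. */
int cache_control_checked(sqControllerCache *cache, uint32_t dwParam1)
{
  unsigned index = (dwParam1 >> 8) & 0xFF;
  unsigned value = (dwParam1 >> 16) & 0xFF;
  if (index >= CTRL_SLOTS)
    return -1;
  cache->sqControllers[index] = (unsigned char)value;
  return 0;
}

/* Hypothetical helper: the "& 0x7F" idea from the issue. Always in bounds,
 * but 0x80..0xFF fold onto slots 0x00..0x7F. Returns the slot written. */
unsigned cache_control_masked(sqControllerCache *cache, uint32_t dwParam1)
{
  unsigned index = (dwParam1 >> 8) & 0x7F;
  cache->sqControllers[index] = (unsigned char)((dwParam1 >> 16) & 0xFF);
  return index;
}

int main(void)
{
  sqControllerCache cache;
  uint32_t ok = 0x004007B0u;  /* constructed: index 0x07, value 0x40 */
  uint32_t bad = 0x0040FFB0u; /* constructed: index 0xFF, value 0x40 */
  memset(&cache, 0, sizeof cache);
  printf("checked ok=%d bad=%d\n", cache_control_checked(&cache, ok),
         cache_control_checked(&cache, bad));
  printf("masked bad -> slot %u\n", cache_control_masked(&cache, bad));
  return 0;
}
```

The checked variant drops a malformed message; the masked variant silences the C6386 warning but records the value under a different controller slot, which may hide bad input from later debugging.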