[Vm-dev] [OpenSmalltalk/opensmalltalk-vm] Potential buffer overrun in sqwin32midi.c (IntelliSense C6386) (#336)
Nicolas Cellier
notifications at github.com
Tue Jan 1 21:47:28 UTC 2019
On line 366 and following:
    case ControlCmd: /* Read a control command */
        channel = (dwParam1 >> 8) & 0xFF;
        value = (dwParam1 >> 16) & 0xFF;
        port->cache.sqControllers[channel] = value;
channel may reach a value of 255 (0xFF),
but the cache is dimensioned 128 near line 142:
/***************************************************************
* Controller value caches -- This is the minimum complement
* A "larger" driver would cache 128*16 controllers and 128*16 key pressures
*/
typedef struct sqControllerCache {
    unsigned char sqControllers[128];  /* Controller value table */
    unsigned char sqKeyPressures[128]; /* Polyphonic key pressure table */
    unsigned char sqChanPressures[16]; /* Channel pressure value table */
    int sqPitchBend[16];               /* The value of the pitch wheel */
} sqControllerCache;
Maybe use & 0x7F to be sure?
https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/336
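
Added example, not part of the original message or of the OpenSmalltalk VM sources: the index extraction quoted above next to the suggested "& 0x7F" mask and a bounds-checked alternative that drops the message instead. The struct is copied from the message; the function names and the two dwParam1 values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Cache layout as quoted in the message above. */
typedef struct sqControllerCache {
    unsigned char sqControllers[128];
    unsigned char sqKeyPressures[128];
    unsigned char sqChanPressures[16];
    int sqPitchBend[16];
} sqControllerCache;

/* Number of slots, taken from the declaration rather than hard-coded. */
#define CTRL_SLOTS (sizeof(((sqControllerCache *)0)->sqControllers))

/* Hypothetical helper: 1 if the index as extracted on the page (0..255)
 * would fall outside sqControllers. */
int would_overrun(uint32_t dwParam1) {
    return ((dwParam1 >> 8) & 0xFF) >= CTRL_SLOTS;
}

/* Variant A (hypothetical name): the "& 0x7F" suggestion. Always in bounds,
 * but an out-of-range byte is silently folded onto another slot. */
int store_masked(sqControllerCache *c, uint32_t dwParam1) {
    unsigned idx = (dwParam1 >> 8) & 0x7F;
    c->sqControllers[idx] = (unsigned char)((dwParam1 >> 16) & 0xFF);
    return (int)idx;
}

/* Variant B (hypothetical name): keep the full byte and drop the message
 * when it does not fit the table. Returns the slot written, or -1. */
int store_checked(sqControllerCache *c, uint32_t dwParam1) {
    unsigned idx = (dwParam1 >> 8) & 0xFF;
    if (idx >= CTRL_SLOTS)
        return -1;
    c->sqControllers[idx] = (unsigned char)((dwParam1 >> 16) & 0xFF);
    return (int)idx;
}

int main(void) {
    sqControllerCache cache = {0};
    uint32_t bad = 0x0040FFB0u;  /* constructed: second byte 0xFF, third 0x40 */
    uint32_t ok  = 0x004007B0u;  /* constructed: second byte 0x07, third 0x40 */
    printf("bad: overrun=%d masked=%d checked=%d\n", would_overrun(bad),
           store_masked(&cache, bad), store_checked(&cache, bad));
    printf("ok:  overrun=%d checked=%d\n", would_overrun(ok),
           store_checked(&cache, ok));
    return 0;
}
```

Both variants keep the write inside sqControllers; they differ only in whether an out-of-range byte is aliased to another slot or rejected.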