Rockbox open source high quality audio player as a Music Player Daemon
mpris rockbox mpd libadwaita audio rust zig deno
2
fork

Configure Feed

Select the types of activity you want to include in your feed.

[BugFix] voicefont.c buffer overflow

voicefont.c expected a max of 999 voice IDs we are at 1013 or so
bad stuff happened TM new limit is 2048 and added an error message
(no file will be created if limit exceeded)

Change-Id: Ifda6dc5c45883551f8ae8f0d4efc9f7acdb7c90f

+21 -8
+21 -8
tools/voicefont.c
··· 29 29 #include <stdio.h> 30 30 #include <string.h> 31 31 32 - #define HEADER_SIZE 20 33 - 32 + #define HEADER_SIZE (20) 33 + #define MAX_NAME_LEN (80) 34 + #define MAX_VOICE_ENTRIES (2048) 34 35 /* endian conversion macros */ 35 36 #if defined(__BIG_ENDIAN__) 36 37 #define UINT_TO_BE(x) (x) ··· 47 48 int i,j; 48 49 49 50 /* two tables, one for normal strings, one for voice-only (>0x8000) */ 50 - static char names[1000][80]; /* worst-case space */ 51 - char name[80]; /* one string ID */ 52 - static int pos[1000]; /* position of sample */ 53 - static int size[1000]; /* length of clip */ 54 - int voiceonly[1000]; /* flag if this is voice only */ 51 + static char names[MAX_VOICE_ENTRIES][MAX_NAME_LEN]; /* worst-case space */ 52 + char name[MAX_NAME_LEN]; /* one string ID */ 53 + static int pos[MAX_VOICE_ENTRIES]; /* position of sample */ 54 + static int size[MAX_VOICE_ENTRIES]; /* length of clip */ 55 + int voiceonly[MAX_VOICE_ENTRIES]; /* flag if this is voice only */ 55 56 int count = 0; 56 57 int count_voiceonly = 0; 57 58 unsigned int value; /* value to be written to file */ ··· 86 87 } 87 88 fclose(voicefontids); 88 89 90 + if (count > MAX_VOICE_ENTRIES) 91 + { 92 + return -1; 93 + } 94 + 89 95 fseek(output, HEADER_SIZE + count*8, SEEK_SET); /* space for header */ 90 96 91 97 for (i=0; i<count; i++) ··· 161 167 fwrite(&value, sizeof(value), 1,output); 162 168 value = UINT_TO_BE(size[i]); /* size */ 163 169 fwrite(&value, sizeof(value), 1, output); 170 + printf(": [%d]%s : %s {%x, %x}\n", i, 171 + (voiceonly[i] ==1 ? "[V]":""), names[i], 172 + UINT_TO_BE(pos[i]), UINT_TO_BE(size[i])); /* debug */ 164 173 } /* for i */ 165 174 } /* for j */ 166 175 ··· 199 208 return -2; 200 209 } 201 210 202 - voicefont(ids, atoi(argv[2]),argv[3],output, 400); 211 + if (voicefont(ids, atoi(argv[2]),argv[3],output, 400) < 0) 212 + { 213 + printf("Error too many voicefont entries!\n"); 214 + return -3; 215 + } 203 216 return 0; 204 217 } 205 218 #endif