From 415856bdd4f48ab4f2732996f0bae58595092bbe Mon Sep 17 00:00:00 2001
From: Parabola <dev@list.parabolagnulinux.org>
Date: Tue, 5 Apr 2011 14:26:38 +0000
Subject: Tue Apr  5 14:26:38 UTC 2011

---
 .../libmikmod-3.1.12-md_sngchn-fix.diff            | 112 +++++++++++++++++++++
 1 file changed, 112 insertions(+)
 create mode 100644 multilib/lib32-libmikmod/libmikmod-3.1.12-md_sngchn-fix.diff

(limited to 'multilib/lib32-libmikmod/libmikmod-3.1.12-md_sngchn-fix.diff')

diff --git a/multilib/lib32-libmikmod/libmikmod-3.1.12-md_sngchn-fix.diff b/multilib/lib32-libmikmod/libmikmod-3.1.12-md_sngchn-fix.diff
new file mode 100644
index 000000000..45cc355ae
--- /dev/null
+++ b/multilib/lib32-libmikmod/libmikmod-3.1.12-md_sngchn-fix.diff
@@ -0,0 +1,112 @@
+This patch fixes "buffer overflow due to md_numchn - ID: 1630158"
+
+diff -ru libmikmod-3.1.12.orig/playercode/mplayer.c libmikmod-3.1.12/playercode/mplayer.c
+--- libmikmod-3.1.12.orig/playercode/mplayer.c	2007-12-15 01:26:28.000000000 -0800
++++ libmikmod-3.1.12/playercode/mplayer.c	2009-10-04 23:48:36.000000000 -0700
+@@ -52,6 +52,8 @@
+    will wait */
+ /*static*/ MODULE *pf = NULL;
+ 
++#define NUMVOICES(mod)	(md_sngchn < (mod)->numvoices ? md_sngchn : (mod)->numvoices)
++
+ #define	HIGH_OCTAVE		2	/* number of above-range octaves */
+ 
+ static	UWORD oldperiods[OCTAVE*2]={
+@@ -248,14 +250,14 @@
+ 	MP_VOICE *a;
+ 	ULONG t,k,tvol,pp;
+ 
+-	for (t=0;t<md_sngchn;t++)
++	for (t=0;t<NUMVOICES(mod);t++)
+ 		if (((mod->voice[t].main.kick==KICK_ABSENT)||
+ 			 (mod->voice[t].main.kick==KICK_ENV))&&
+ 		   Voice_Stopped_internal(t))
+ 			return t;
+ 
+ 	tvol=0xffffffUL;t=-1;a=mod->voice;
+-	for (k=0;k<md_sngchn;k++,a++) {
++	for (k=0;k<NUMVOICES(mod);k++,a++) {
+ 		/* allow us to take over a nonexisting sample */
+ 		if (!a->main.s)
+ 			return k;
+@@ -2249,12 +2251,12 @@
+ 
+ 	switch (dat) {
+ 	case 0x0: /* past note cut */
+-		for (t=0;t<md_sngchn;t++)
++		for (t=0;t<NUMVOICES(mod);t++)
+ 			if (mod->voice[t].master==a)
+ 				mod->voice[t].main.fadevol=0;
+ 		break;
+ 	case 0x1: /* past note off */
+-		for (t=0;t<md_sngchn;t++)
++		for (t=0;t<NUMVOICES(mod);t++)
+ 			if (mod->voice[t].master==a) {
+ 				mod->voice[t].main.keyoff|=KEY_OFF;
+ 				if ((!(mod->voice[t].venv.flg & EF_ON))||
+@@ -2263,7 +2265,7 @@
+ 			}
+ 		break;
+ 	case 0x2: /* past note fade */
+-		for (t=0;t<md_sngchn;t++)
++		for (t=0;t<NUMVOICES(mod);t++)
+ 			if (mod->voice[t].master==a)
+ 				mod->voice[t].main.keyoff|=KEY_FADE;
+ 		break;
+@@ -2318,7 +2320,7 @@
+ 	SAMPLE *s;
+ 
+ 	mod->totalchn=mod->realchn=0;
+-	for (channel=0;channel<md_sngchn;channel++) {
++	for (channel=0;channel<NUMVOICES(mod);channel++) {
+ 		aout=&mod->voice[channel];
+ 		i=aout->main.i;
+ 		s=aout->main.s;
+@@ -2736,7 +2738,7 @@
+ 			if (a->dct!=DCT_OFF) {
+ 				int t;
+ 
+-				for (t=0;t<md_sngchn;t++)
++				for (t=0;t<NUMVOICES(mod);t++)
+ 					if ((!Voice_Stopped_internal(t))&&
+ 					   (mod->voice[t].masterchn==channel)&&
+ 					   (a->main.sample==mod->voice[t].main.sample)) {
+@@ -2978,6 +2980,11 @@
+ 	if (!(mod->voice=(MP_VOICE*)_mm_calloc(md_sngchn,sizeof(MP_VOICE))))
+ 		return 1;
+ 
++	/* mod->numvoices was used during loading to clamp md_sngchn.
++	   After loading it's used to remember how big mod->voice is.
++	*/
++	mod->numvoices = md_sngchn;
++
+ 	Player_Init_internal(mod);
+ 	return 0;
+ }
+@@ -3086,7 +3093,7 @@
+ 		pf->patbrk=0;
+ 		pf->vbtick=pf->sngspd;
+ 
+-		for (t=0;t<md_sngchn;t++) {
++		for (t=0;t<NUMVOICES(pf);t++) {
+ 			Voice_Stop_internal(t);
+ 			pf->voice[t].main.i=NULL;
+ 			pf->voice[t].main.s=NULL;
+@@ -3111,7 +3118,7 @@
+ 		pf->patbrk=0;
+ 		pf->vbtick=pf->sngspd;
+ 
+-		for (t=0;t<md_sngchn;t++) {
++		for (t=0;t<NUMVOICES(pf);t++) {
+ 			Voice_Stop_internal(t);
+ 			pf->voice[t].main.i=NULL;
+ 			pf->voice[t].main.s=NULL;
+@@ -3138,7 +3145,7 @@
+ 		pf->sngpos=pos;
+ 		pf->vbtick=pf->sngspd;
+ 
+-		for (t=0;t<md_sngchn;t++) {
++		for (t=0;t<NUMVOICES(pf);t++) {
+ 			Voice_Stop_internal(t);
+ 			pf->voice[t].main.i=NULL;
+ 			pf->voice[t].main.s=NULL;
-- 
cgit v1.2.3-54-g00ecf