Fix issue #15 / CVE-2006-3668

Chris Moeller 2015-10-09 17:59:30 -07:00 committed by Randy Heit
parent e5a4031a70
commit 17a216c832


@ -290,12 +290,15 @@ static int it_read_envelope(IT_ENVELOPE *envelope, DUMBFILE *f)
envelope->flags = dumbfile_getc(f); envelope->flags = dumbfile_getc(f);
envelope->n_nodes = dumbfile_getc(f); envelope->n_nodes = dumbfile_getc(f);
if(envelope->n_nodes > 25) {
TRACE("IT error: wrong number of envelope nodes (%d)\n", envelope->n_nodes);
envelope->n_nodes = 0;
return -1;
}
envelope->loop_start = dumbfile_getc(f); envelope->loop_start = dumbfile_getc(f);
envelope->loop_end = dumbfile_getc(f); envelope->loop_end = dumbfile_getc(f);
envelope->sus_loop_start = dumbfile_getc(f); envelope->sus_loop_start = dumbfile_getc(f);
envelope->sus_loop_end = dumbfile_getc(f); envelope->sus_loop_end = dumbfile_getc(f);
if (envelope->n_nodes > 25)
envelope->n_nodes = 25;
for (n = 0; n < envelope->n_nodes; n++) { for (n = 0; n < envelope->n_nodes; n++) {
envelope->node_y[n] = dumbfile_getc(f); envelope->node_y[n] = dumbfile_getc(f);
envelope->node_t[n] = dumbfile_igetw(f); envelope->node_t[n] = dumbfile_igetw(f);
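Review bot: The new `return -1` under the `n_nodes > 25` check only helps if every caller of it_read_envelope tests the result and abandons the load, because it exits with the rest of the envelope record unread; the callers are outside this hunk and should be confirmed. In the same hunk loop_start, loop_end, sus_loop_start and sus_loop_end are still taken from the file as-is, and nothing visible here compares them with n_nodes, so if later code uses them as node indices they need a bound as well (the function continues past the hunk, so that check may already exist). The literal 25 presumably mirrors the size of node_y[]/node_t[], whose declaration is not shown; a comment at the check such as `/* file-supplied count; node_y[]/node_t[] hold 25 entries - confirm against IT_ENVELOPE */` would tie the two together.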