ref: a3a416f1e650dfe55781cd06c966e0f00b47dd9f
parent: 94f0d24cd226184f2e8ea0c0caf45d8e4fc58156
author: Christopher Snowhill <[email protected]>
date: Wed Sep 13 14:24:54 EDT 2017
Add string length guard to comment reader.
--- a/src/it/readmtm.c
+++ b/src/it/readmtm.c
@@ -30,7 +30,7 @@
if (ptr==0) return 0;
start = ptr;
end = ptr + max;
- while(*ptr && ptr < end) ptr++;
+ while(ptr < end && *ptr) ptr++;
return ptr - start;
}
@@ -321,7 +321,8 @@
int l, m;
for (l = 0, n = 0; n <= o; n += 40) {
- l += strlen_max(&comment[n], 40) + 2;
+ int maxlen = l_comment - n;
+ l += strlen_max(&comment[n], maxlen > 40 ? 40 : maxlen) + 2;
}
l -= 1;
@@ -330,7 +331,8 @@
if (!sigdata->song_message) goto error_fc;
for (m = 0, n = 0; n <= o; n += 40) {
- int p = (int) strlen_max(&comment[n], 40);
+ int maxlen = l_comment - n;
+ int p = (int) strlen_max(&comment[n], maxlen > 40 ? 40 : maxlen);
if (p) {
memcpy(sigdata->song_message + m, &comment[n], p);
m += p;