commit ae9391ae2c59d017020e8d46dc6a78d155444dc5 parent a6f7b5d3e289b8df1c6e165dc3c63883ca760db9 Author: Olav Sørensen <olav.sorensen@live.no> Date: Mon, 28 Nov 2022 16:02:30 +0100 Pattern loop @ row>0 can overflow next pattern row pos Diffstat:
M | src/ft2_replayer.c | | | 9 | +++++++++ |
1 file changed, 9 insertions(+), 0 deletions(-)
diff --git a/src/ft2_replayer.c b/src/ft2_replayer.c
@@ -2215,6 +2215,15 @@ static void getNextPos(void)
 song.pattNum = song.orders[song.songPos & 0xFF];
 song.currNumRows = patternNumRows[song.pattNum & 0xFF];
 }
+
+ /*
+ ** Because of a bug in FT2, pattern loop commands will manipulate
+ ** the row the next pattern will begin at (should be 0).
+ ** However, this can overflow the number of rows (length) for that
+ ** pattern and cause out-of-bounds reads. Set to row 0 in this case.
+ */
+ if (song.row >= song.currNumRows)
+ song.row = 0;
 }
 }
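Review bot: The added clamp `if (song.row >= song.currNumRows)` only prevents the out-of-bounds read if `patternNumRows[song.pattNum & 0xFF]` always equals the allocated length of the pattern that is read next, and nothing in this hunk establishes that invariant. The comment should say so, for example `** Relies on currNumRows matching the allocated row count of pattNum.`, so a later change to pattern allocation does not silently reopen the read. The check also has no lower bound, so if `song.row` is a signed type (its declaration is outside the hunk) a negative value would pass; `if (song.row < 0 || song.row >= song.currNumRows)` would cover that. Since the loop row presumably comes from pattern data in a loaded module, it is also worth confirming that the place where the pattern-loop or break row is assigned range-checks it. getNextPos begins outside the hunk, so whether other paths leave it with an out-of-range row cannot be judged from here.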