ft2-clone

Fasttracker 2 clone
Log | Files | Refs | README | LICENSE

commit ae9391ae2c59d017020e8d46dc6a78d155444dc5
parent a6f7b5d3e289b8df1c6e165dc3c63883ca760db9
Author: Olav Sørensen <olav.sorensen@live.no>
Date:   Mon, 28 Nov 2022 16:02:30 +0100

Pattern loop @ row>0 can overflow next pattern row pos

Diffstat:
Msrc/ft2_replayer.c | 9+++++++++
1 file changed, 9 insertions(+), 0 deletions(-)

diff --git a/src/ft2_replayer.c b/src/ft2_replayer.c @@ -2215,6 +2215,15 @@ static void getNextPos(void) song.pattNum = song.orders[song.songPos & 0xFF]; song.currNumRows = patternNumRows[song.pattNum & 0xFF]; } + + /* + ** Because of a bug in FT2, pattern loop commands will manipulate + ** the row the next pattern will begin at (should be 0). + ** However, this can overflow the number of rows (length) for that + ** pattern and cause out-of-bounds reads. Set to row 0 in this case. + */ + if (song.row >= song.currNumRows) + song.row = 0; } }