Package: xmp
Version: 2.5.1-1
Severity: normal

By accident I corrupted an .xm file.
xmp consumed all memory and my machine crashed
(though this is not xmp's fault).

Taking a quick look at the problem, I found that there are at least 2
places (I guess there are many more) where input is not checked
carefully enough:

In src/misc/oxm.c there is a signed int which is not checked against
< 0. Suggested patch:

--- oxm.c~      2008-05-28 17:40:21.000000000 +0200
+++ oxm.c       2008-05-28 17:42:11.000000000 +0200
@@ -79,7 +79,7 @@
        for (i = 0; i < nins; i++) {
                ilen = read32l(f);
                printf("ilen: %d\n",ilen);
-               if (ilen > 263)
+               if ((ilen > 263) || (ilen <0))
                        return -1;
                fseek(f, -4, SEEK_CUR);
                fread(buf, ilen, 1, f);         /* instrument header */
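
Review bot: the new test in "if ((ilen > 263) || (ilen <0))" still accepts lengths 0 to 3, although the next two lines seek back 4 bytes and re-read the length field as part of the header, so a header shorter than its own length field gets through. Consider rejecting ilen < 4 rather than ilen < 0, and checking the return value of fread so a truncated file is caught instead of leaving buf partly filled. The context line printf("ilen: %d\n",ilen) looks like debugging output; if it is not in the packaged source, the hunk will not apply as is.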

In src/player/driver.c there is a similar problem, though the
following patch is probably not good enough:

--- src/player/driver.c~        2008-05-28 17:47:55.000000000 +0200
+++ src/player/driver.c 2008-05-28 17:48:16.000000000 +0200
@@ -899,7 +899,7 @@
 
     /* Empty samples
      */
-    if (xxs->len < 4) {
+    if ((xxs->len > 0) && (xxs->len < 4)) {
        if (~flags & XMP_SMP_NOLOAD)
            fread(s, 1, xxs->len, f);
        return XMP_OK;
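
Review bot: with the condition changed to (xxs->len > 0) && (xxs->len < 4), a length of 0 or below no longer takes this early return and falls through to the code after the block, so a truly empty sample is no longer handled here and a negative length is still not rejected. Consider testing xxs->len <= 0 before this block (return XMP_OK for 0, an error for a negative value) and keeping the short-sample branch for lengths 1 to 3. The return value of fread(s, 1, xxs->len, f) is also unchecked.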

In general it may be a bad idea to use xmp to play .xm files from
untrusted sources.


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages xmp depends on:
ii  libartsc0                     1.5.9-2    aRts sound system C support librar
ii  libasound2                    1.0.16-2   ALSA library
ii  libaudio2                     1.9.1-2    Network Audio System - shared libr
ii  libc6                         2.7-10     GNU C Library: Shared libraries
ii  libesd0                       0.2.36-3   Enlightened Sound Daemon - Shared 
ii  libglib2.0-0                  2.16.3-2   The GLib library of C routines
ii  libx11-6                      2:1.0.3-7  X11 client-side library
ii  xmp-common                    2.5.1-1    Common files for xmp and the xmp A

xmp recommends no packages.

-- no debconf information
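
The length check discussed in the report, as an added example that is not part of the original report or of xmp's source. It goes beyond the suggested patch by reading the length as unsigned, enforcing a lower bound, and checking fread's result; rd32le, read_header, parse_bytes and HDR_MAX are hypothetical names, and only the bound 263 comes from the report.

```c
#include <stdint.h>
#include <stdio.h>
#define HDR_MAX 263 /* upper bound taken from the check in the report */

/* Hypothetical helper: read a little-endian 32-bit value as unsigned. */
static int rd32le(FILE *f, uint32_t *out)
{
    unsigned char b[4];
    if (fread(b, 1, 4, f) != 4)
        return -1;
    *out = b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
    return 0;
}

/* Read a header whose first 4 bytes hold its own length; -1 on bad length or short file. */
static int read_header(FILE *f, unsigned char *buf, size_t bufsize)
{
    uint32_t len;
    if (rd32le(f, &len) < 0)
        return -1;
    /* Unsigned: a "negative" length is a huge value and fails the upper bound. */
    if (len < 4 || len > HDR_MAX || len > bufsize)
        return -1;
    if (fseek(f, -4, SEEK_CUR) != 0 || fread(buf, 1, len, f) != len)
        return -1;
    return (int)len;
}

/* Parse constructed bytes through a temporary file (-2 if none can be made). */
static int parse_bytes(const unsigned char *data, size_t n)
{
    unsigned char buf[HDR_MAX];
    FILE *f = tmpfile();
    int r = -2;
    if (f && fwrite(data, 1, n, f) == n) {
        rewind(f);
        r = read_header(f, buf, sizeof buf);
    }
    if (f)
        fclose(f);
    return r;
}

int main(void)
{
    const unsigned char neg[4] = { 0xff, 0xff, 0xff, 0xff }; /* -1 if read as signed */
    const unsigned char ok[8] = { 8, 0, 0, 0, 1, 2, 3, 4 };  /* constructed sample */
    printf("negative: %d, valid: %d\n", parse_bytes(neg, 4), parse_bytes(ok, 8));
    return 0;
}
```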


