tags 631009 + patch
tags 631009 + pending
thanks

Dear maintainer,

I've prepared an NMU for libmikmod (versioned as 3.1.11-6.4) and
uploaded it to DELAYED/3. Please feel free to tell me if I
should delay it longer.

Regards.
diff -u libmikmod-3.1.11/debian/changelog libmikmod-3.1.11/debian/changelog
--- libmikmod-3.1.11/debian/changelog
+++ libmikmod-3.1.11/debian/changelog
@@ -1,3 +1,11 @@
+libmikmod (3.1.11-6.4) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fixed regression introduced by CVE-2007-6720.patch
+    (Closes: #631009)(LP: #194916)
+
+ -- Giuseppe Iuculano <iucul...@debian.org>  Mon, 01 Aug 2011 11:51:59 +0200
+
 libmikmod (3.1.11-6.3) unstable; urgency=low
 
   * Non-maintainer upload.
diff -u libmikmod-3.1.11/debian/patches/CVE-2007-6720.patch libmikmod-3.1.11/debian/patches/CVE-2007-6720.patch
--- libmikmod-3.1.11/debian/patches/CVE-2007-6720.patch
+++ libmikmod-3.1.11/debian/patches/CVE-2007-6720.patch
@@ -1,38 +1,109 @@
 --- libmikmod-3.1.11.orig/playercode/mplayer.c
 +++ libmikmod-3.1.11/playercode/mplayer.c
-@@ -2318,7 +2318,7 @@
+@@ -52,6 +52,8 @@
+    will wait */
+ /*static*/ MODULE *pf = NULL;
+ 
++#define NUMVOICES(mod)	(md_sngchn < (mod)->numvoices ? md_sngchn : (mod)->numvoices)
++
+ #define	HIGH_OCTAVE		2	/* number of above-range octaves */
+ 
+ static	UWORD oldperiods[OCTAVE*2]={
+@@ -248,14 +250,14 @@
+ 	MP_VOICE *a;
+ 	ULONG t,k,tvol,pp;
+ 
+-	for (t=0;t<md_sngchn;t++)
++	for (t=0;t<NUMVOICES(mod);t++)
+ 		if (((mod->voice[t].main.kick==KICK_ABSENT)||
+ 			 (mod->voice[t].main.kick==KICK_ENV))&&
+ 		   Voice_Stopped_internal(t))
+ 			return t;
+ 
+ 	tvol=0xffffffUL;t=-1;a=mod->voice;
+-	for (k=0;k<md_sngchn;k++,a++) {
++	for (k=0;k<NUMVOICES(mod);k++,a++) {
+ 		/* allow us to take over a nonexisting sample */
+ 		if (!a->main.s)
+ 			return k;
+@@ -2249,12 +2251,12 @@
+ 
+ 	switch (dat) {
+ 	case 0x0: /* past note cut */
+-		for (t=0;t<md_sngchn;t++)
++		for (t=0;t<NUMVOICES(mod);t++)
+ 			if (mod->voice[t].master==a)
+ 				mod->voice[t].main.fadevol=0;
+ 		break;
+ 	case 0x1: /* past note off */
+-		for (t=0;t<md_sngchn;t++)
++		for (t=0;t<NUMVOICES(mod);t++)
+ 			if (mod->voice[t].master==a) {
+ 				mod->voice[t].main.keyoff|=KEY_OFF;
+ 				if ((!(mod->voice[t].venv.flg & EF_ON))||
+@@ -2263,7 +2265,7 @@
+ 			}
+ 		break;
+ 	case 0x2: /* past note fade */
+-		for (t=0;t<md_sngchn;t++)
++		for (t=0;t<NUMVOICES(mod);t++)
+ 			if (mod->voice[t].master==a)
+ 				mod->voice[t].main.keyoff|=KEY_FADE;
+ 		break;
+@@ -2318,7 +2320,7 @@
  	SAMPLE *s;
  
  	mod->totalchn=mod->realchn=0;
 -	for (channel=0;channel<md_sngchn;channel++) {
-+	for (channel=0;channel<mod->numchn;channel++) {
++	for (channel=0;channel<NUMVOICES(mod);channel++) {
  		aout=&mod->voice[channel];
  		i=aout->main.i;
  		s=aout->main.s;
-@@ -3086,7 +3086,7 @@
+@@ -2736,7 +2738,7 @@
+ 			if (a->dct!=DCT_OFF) {
+ 				int t;
+ 
+-				for (t=0;t<md_sngchn;t++)
++				for (t=0;t<NUMVOICES(mod);t++)
+ 					if ((!Voice_Stopped_internal(t))&&
+ 					   (mod->voice[t].masterchn==channel)&&
+ 					   (a->main.sample==mod->voice[t].main.sample)) {
+@@ -2978,6 +2980,11 @@
+ 	if (!(mod->voice=(MP_VOICE*)_mm_calloc(md_sngchn,sizeof(MP_VOICE))))
+ 		return 1;
+ 
++	/* mod->numvoices was used during loading to clamp md_sngchn.
++	   After loading it's used to remember how big mod->voice is.
++	*/
++	mod->numvoices = md_sngchn;
++
+ 	Player_Init_internal(mod);
+ 	return 0;
+ }
+@@ -3086,7 +3093,7 @@
  		pf->patbrk=0;
  		pf->vbtick=pf->sngspd;
  
 -		for (t=0;t<md_sngchn;t++) {
-+		for (t=0;t<pf->numchn;t++) {
++		for (t=0;t<NUMVOICES(pf);t++) {
  			Voice_Stop_internal(t);
  			pf->voice[t].main.i=NULL;
  			pf->voice[t].main.s=NULL;
-@@ -3111,7 +3111,7 @@
+@@ -3111,7 +3118,7 @@
  		pf->patbrk=0;
  		pf->vbtick=pf->sngspd;
  
 -		for (t=0;t<md_sngchn;t++) {
-+		for (t=0;t<pf->numchn;t++) {
++		for (t=0;t<NUMVOICES(pf);t++) {
  			Voice_Stop_internal(t);
  			pf->voice[t].main.i=NULL;
  			pf->voice[t].main.s=NULL;
-@@ -3138,7 +3138,7 @@
+@@ -3138,7 +3145,7 @@
  		pf->sngpos=pos;
  		pf->vbtick=pf->sngspd;
  
 -		for (t=0;t<md_sngchn;t++) {
-+		for (t=0;t<pf->numchn;t++) {
++		for (t=0;t<NUMVOICES(pf);t++) {
  			Voice_Stop_internal(t);
  			pf->voice[t].main.i=NULL;
  			pf->voice[t].main.s=NULL;
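Review bot: The `NUMVOICES(mod)` macro added near the top of mplayer.c carries the whole bounds fix but has no comment saying what it bounds; I would add `/* upper bound for indexing mod->voice: numvoices is the allocated length (set in Player_Init), md_sngchn may have changed since */` above the `#define`. The bound is only sound while `mod->numvoices` equals the count passed to `_mm_calloc`, and the new comment in Player_Init says the same field also served as a load-time clamp, so any later write to it would make these loops trust a wrong length; that invariant is worth stating next to the `mod->numvoices = md_sngchn;` assignment. The macro also evaluates its argument twice, which is harmless for the plain `mod`/`pf` call sites shown here. The patched loops sit in functions whose bodies start and end outside the patch context, so any other `md_sngchn`-bounded access to `voice[]` elsewhere in the file, if one remains, is not covered by what is visible and should be checked separately.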

Attachment: signature.asc
Description: Digital signature
