diff options
| author | Max Horn | 2004-04-10 22:34:07 +0000 |
|---|---|---|
| committer | Max Horn | 2004-04-10 22:34:07 +0000 |
| commit | 6bf0cce89c07e9d61295b92e4d25d012286f91d4 (patch) | |
| tree | de49a45faebcabc48f9ff76fa371478bdd94a5b6 | |
| parent | a3aead899ef8352624e8617b0608c29ab1dc5ae7 (diff) | |
| download | scummvm-rg350-6bf0cce89c07e9d61295b92e4d25d012286f91d4.tar.gz scummvm-rg350-6bf0cce89c07e9d61295b92e4d25d012286f91d4.tar.bz2 scummvm-rg350-6bf0cce89c07e9d61295b92e4d25d012286f91d4.zip | |
Clean up VOC code, and fix potential out-of-bounds access
svn-id: r13535
| -rw-r--r-- | sound/voc.cpp | 46 |
1 files changed, 20 insertions, 26 deletions
diff --git a/sound/voc.cpp b/sound/voc.cpp index 6124a42ef8..ac946b12ae 100644 --- a/sound/voc.cpp +++ b/sound/voc.cpp @@ -50,24 +50,22 @@ byte *readVOCFromMemory(byte *ptr, int &size, int &rate, int &loops, int &begin_ assert(version == 0x010A || version == 0x0114); assert(code == ~version + 0x1234); - bool quit = false; + int len; byte *ret_sound = 0; size = 0; begin_loop = 0; end_loop = 0; + + ptr += offset; + while ((code = *ptr++)) { + len = *ptr++; + len |= *ptr++ << 8; + len |= *ptr++ << 16; - while (!quit) { - int len = READ_LE_UINT32(ptr + offset); - offset += 4; - code = len & 0xFF; - len >>= 8; switch(code) { - case 0: - quit = true; - break; case 1: { - int time_constant = ptr[offset++]; - int packing = ptr[offset++]; + int time_constant = *ptr++; + int packing = *ptr++; len -= 2; rate = getSampleRateFromVOCRate(time_constant); debug(9, "VOC Data Block: %d, %d, %d", rate, packing, len); @@ -77,7 +75,7 @@ byte *readVOCFromMemory(byte *ptr, int &size, int &rate, int &loops, int &begin_ } else { ret_sound = (byte *)malloc(len); } - memcpy(ret_sound + size, ptr + offset, len); + memcpy(ret_sound + size, ptr, len); begin_loop = size; size += len; end_loop = size; @@ -86,17 +84,16 @@ byte *readVOCFromMemory(byte *ptr, int &size, int &rate, int &loops, int &begin_ } } break; case 6: // begin of loop - loops = (uint16)READ_LE_UINT16(ptr + offset); + loops = (uint16)READ_LE_UINT16(ptr); break; case 7: // end of loop break; default: warning("Invalid code in VOC file : %d", code); - quit = true; - break; + return ret_sound; } // FIXME some FT samples (ex. 362) has bad length, 2 bytes too short - offset += len; + ptr += len; } debug(4, "VOC Data Size : %d", size); return ret_sound; @@ -132,18 +129,16 @@ byte *loadVOCFile(File *file, int &size, int &rate) { assert(version == 0x010A || version == 0x0114); assert(code == ~version + 0x1234); - bool quit = false; + int len; byte *ret_sound = 0; size = 0; - while (!quit) { - int len = file->readUint32LE(); - code = len & 0xFF; - len >>= 8; + while ((code = file->readByte())) { + len = file->readByte(); + len |= file->readByte() << 8; + len |= file->readByte() << 16; + switch(code) { - case 0: - quit = true; - break; case 1: { int time_constant = file->readByte(); int packing = file->readByte(); @@ -164,8 +159,7 @@ byte *loadVOCFile(File *file, int &size, int &rate) { } break; default: warning("Invalid code in VOC file : %d", code); - quit = true; - break; + return ret_sound; } } debug(4, "VOC Data Size : %d", size); |