aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMax Horn2004-04-10 22:34:07 +0000
committerMax Horn2004-04-10 22:34:07 +0000
commit6bf0cce89c07e9d61295b92e4d25d012286f91d4 (patch)
treede49a45faebcabc48f9ff76fa371478bdd94a5b6
parenta3aead899ef8352624e8617b0608c29ab1dc5ae7 (diff)
downloadscummvm-rg350-6bf0cce89c07e9d61295b92e4d25d012286f91d4.tar.gz
scummvm-rg350-6bf0cce89c07e9d61295b92e4d25d012286f91d4.tar.bz2
scummvm-rg350-6bf0cce89c07e9d61295b92e4d25d012286f91d4.zip
Clean up VOC code, and fix potential out-of-bounds access
svn-id: r13535
-rw-r--r--sound/voc.cpp46
1 files changed, 20 insertions, 26 deletions
diff --git a/sound/voc.cpp b/sound/voc.cpp
index 6124a42ef8..ac946b12ae 100644
--- a/sound/voc.cpp
+++ b/sound/voc.cpp
@@ -50,24 +50,22 @@ byte *readVOCFromMemory(byte *ptr, int &size, int &rate, int &loops, int &begin_
assert(version == 0x010A || version == 0x0114);
assert(code == ~version + 0x1234);
- bool quit = false;
+ int len;
byte *ret_sound = 0;
size = 0;
begin_loop = 0;
end_loop = 0;
+
+ ptr += offset;
+ while ((code = *ptr++)) {
+ len = *ptr++;
+ len |= *ptr++ << 8;
+ len |= *ptr++ << 16;
- while (!quit) {
- int len = READ_LE_UINT32(ptr + offset);
- offset += 4;
- code = len & 0xFF;
- len >>= 8;
switch(code) {
- case 0:
- quit = true;
- break;
case 1: {
- int time_constant = ptr[offset++];
- int packing = ptr[offset++];
+ int time_constant = *ptr++;
+ int packing = *ptr++;
len -= 2;
rate = getSampleRateFromVOCRate(time_constant);
debug(9, "VOC Data Block: %d, %d, %d", rate, packing, len);
@@ -77,7 +75,7 @@ byte *readVOCFromMemory(byte *ptr, int &size, int &rate, int &loops, int &begin_
} else {
ret_sound = (byte *)malloc(len);
}
- memcpy(ret_sound + size, ptr + offset, len);
+ memcpy(ret_sound + size, ptr, len);
begin_loop = size;
size += len;
end_loop = size;
@@ -86,17 +84,16 @@ byte *readVOCFromMemory(byte *ptr, int &size, int &rate, int &loops, int &begin_
}
} break;
case 6: // begin of loop
- loops = (uint16)READ_LE_UINT16(ptr + offset);
+ loops = (uint16)READ_LE_UINT16(ptr);
break;
case 7: // end of loop
break;
default:
warning("Invalid code in VOC file : %d", code);
- quit = true;
- break;
+ return ret_sound;
}
// FIXME some FT samples (ex. 362) has bad length, 2 bytes too short
- offset += len;
+ ptr += len;
}
debug(4, "VOC Data Size : %d", size);
return ret_sound;
@@ -132,18 +129,16 @@ byte *loadVOCFile(File *file, int &size, int &rate) {
assert(version == 0x010A || version == 0x0114);
assert(code == ~version + 0x1234);
- bool quit = false;
+ int len;
byte *ret_sound = 0;
size = 0;
- while (!quit) {
- int len = file->readUint32LE();
- code = len & 0xFF;
- len >>= 8;
+ while ((code = file->readByte())) {
+ len = file->readByte();
+ len |= file->readByte() << 8;
+ len |= file->readByte() << 16;
+
switch(code) {
- case 0:
- quit = true;
- break;
case 1: {
int time_constant = file->readByte();
int packing = file->readByte();
@@ -164,8 +159,7 @@ byte *loadVOCFile(File *file, int &size, int &rate) {
} break;
default:
warning("Invalid code in VOC file : %d", code);
- quit = true;
- break;
+ return ret_sound;
}
}
debug(4, "VOC Data Size : %d", size);