diff --git a/VERSION b/VERSION index a9738c9..3ad6eb8 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -2020 October 27 2020 +2020 November 07 2020 diff --git a/doc/CHANGES b/doc/CHANGES index d1fb73e..de45ec9 100644 --- a/doc/CHANGES +++ b/doc/CHANGES @@ -13977,3 +13977,24 @@ and a number. This change propagated to the other files position.c, debug.c, yaprstree.c and drawtune.c. There are too many changes in yapstree.c and drawtune.c to list. + +November 01 2020 + +Yaps: James Allwright fixed a bug introduced recently that caused yaps +to shift the notes down two ledger lines when the clef is not declared +(parseabc.c). More security checks were introduced to prevent yaps +and midi2abc to produce lines greater than 256 characters (drawtune.c, +drawtune.h, yapstree.c and midi2abc.c). + +November 07 2020 +Yaps: a missing voidptr prevented the compilation of drawtune.c on MacOS. +Lines 3006-3011 was replaced with + if (v->place->type == LEFT_TEXT) { + printtext(left, v->place->item.voidptr, &textfont); + }; + if (v->place->type == CENTRE_TEXT) { + printtext(centre, v->place->item.voidptr, &textfont); + }; + + + diff --git a/doc/readme.txt b/doc/readme.txt index d6a3115..fc4adbd 100644 --- a/doc/readme.txt +++ b/doc/readme.txt @@ -1,9 +1,9 @@ abcMIDI : abc <-> MIDI conversion utilities -midi2abc version 3.46 June 22 2020 +midi2abc version 3.47 November 01 2020 abc2midi version 4.44 October 19 2020 abc2abc version 2.12 October 19 2020 -yaps version 1.83 October 27 2020 +yaps version 1.85 November 07 2020 abcmatch version 1.76 October 19 2020 midicopy version 1.37 October 10 2020 @@ -14,7 +14,7 @@ J.R.Allwright@westminster.ac.uk University of Westminster, London, UK -October 2020 +November 2020 Seymour Shlien Ottawa, Canada diff --git a/drawtune.c b/drawtune.c index 22c33af..f5943d5 100644 --- a/drawtune.c +++ b/drawtune.c @@ -26,6 +26,7 @@ #ifdef _MSC_VER #define ANSILIBS 1 +#define snprintf _snprintf #endif #include @@ -45,8 +46,6 @@ extern struct tune thetune; extern int debugging; extern int pagenumbering; extern int barnums, nnbars; -extern char outputname[256]; -extern char outputroot[256]; extern int make_open(); extern void printlib(); extern int count_dots(int *base, int *base_exp, int n, int m); @@ -3005,12 +3004,14 @@ static int printvoiceline(struct voice* v) if (v->place->type == NEWPAGE) { newpage(); }; + /* [JA] 2020-11-07 */ if (v->place->type == LEFT_TEXT) { - printtext(left, v->place->item, &textfont); + printtext(left, v->place->item.voidptr, &textfont); }; if (v->place->type == CENTRE_TEXT) { - printtext(centre, v->place->item, &textfont); + printtext(centre, v->place->item.voidptr, &textfont); }; + if (v->place->type == VSKIP) { vskip((double)v->place->item.number); }; @@ -3544,7 +3545,12 @@ void printtune(struct tune* t) boundingbox.urx = xmargin + pagewidth; boundingbox.ury = ymargin + pagelen; }; - sprintf(outputname, "%s%d.eps", outputroot, t->no); +#ifdef NO_SNPRINTF + /* [SS] 2020-11-01 */ + sprintf(outputname, "%s%d.eps", outputroot, t->no); /* [JA] 2020-11-01 */ +#else + snprintf(outputname, MAX_OUTPUTNAME, "%s%d.eps", outputroot, t->no); /* [JA] 2020-11-01 */ +#endif open_output_file(outputname, &boundingbox); } else { make_open(); diff --git a/drawtune.h b/drawtune.h index 0bf2c31..871f392 100644 --- a/drawtune.h +++ b/drawtune.h @@ -8,6 +8,13 @@ extern int eps_out; struct bbox { int llx, lly, urx, ury; }; + +/* may add .ps or .eps to outputroot to get outputname [JA] 2020-11-01 */ +#define MAX_OUTPUTROOT 250 +#define MAX_OUTPUTNAME (MAX_OUTPUTROOT + 20) +extern char outputroot[MAX_OUTPUTROOT + 1]; +extern char outputname[MAX_OUTPUTNAME + 1]; + #ifdef ANSILIBS extern void setmargins(char* s); extern void setpagesize(char* s); diff --git a/midi2abc.c b/midi2abc.c index 4d73395..9061e2c 100644 --- a/midi2abc.c +++ b/midi2abc.c @@ -45,7 +45,7 @@ * based on public domain 'midifilelib' package. */ -#define VERSION "3.46 June 22 2020 midi2abc" +#define VERSION "3.47 November 01 2020 midi2abc" /* Microsoft Visual C++ Version 6.0 or higher */ #ifdef _MSC_VER @@ -375,6 +375,7 @@ char* s; if (numbytes > 1024) numbytes = 1024; /* [SS] 2019-08-11 */ p = (char*) checkmalloc(numbytes); /* [SS] 2019-04-13 2019-08-11*/ strncpy(p, s,numbytes); /* [SS] 2017-08-30 [SDG] 2020-06-03 */ + p[numbytes-1] = '\0'; /* [JA] 2020-11-01 */ return(p); } diff --git a/parseabc.c b/parseabc.c index 8320cc4..4cae5d8 100644 --- a/parseabc.c +++ b/parseabc.c @@ -166,7 +166,11 @@ char * concatenatestring(s1,s2) { int len = strlen(s1) + strlen(s2) + 1; char *p = (char *) checkmalloc(len); +#ifdef NO_SNPRINTF + sprintf(p, "%s%s",s1,s2); /* [SS] 2020-11-01 */ +#else snprintf(p,len, "%s%s",s1,s2); +#endif return p; } @@ -598,7 +602,11 @@ int isclef (char *s, cleftype_t * new_clef, if (expect_clef && !gotclef) { char error_message[80]; +#ifdef NO_SNPRINTF + sprintf (error_message, "clef %s not recognized", s); +#else snprintf (error_message, 80, "clef %s not recognized", s); +#endif event_warning (error_message); } return (gotclef); @@ -657,10 +665,15 @@ lcase (s) void init_voice_contexts (void) { int i; + cleftype_t default_clef; /* [JA] 2020-11-01 */ + + /* we use treble clef when no clef is explicitly specified */ + get_standard_clef ("treble", &default_clef); /* default to treble clef */ for (i = 0; i < MAX_VOICES; i++) { /* [SS} 2015-03-15 */ voicecode[i].label[0] = '\0'; voicecode[i].expect_repeat = 0; voicecode[i].repeat_count = 0; + copy_clef(&voicecode[i].clef, &default_clef); /* [JA] 2020-11-01 */ } } @@ -730,8 +743,13 @@ int interpret_voice_label (char *s, int num) { char error_message[80]; +#ifdef NO_SNPRINT + sprintf(error_message, "V:%d out of sequence, treating as V:%d", + num, num_voices); /* [SS] 2020-10-01 */ +#else snprintf(error_message, 80, "V:%d out of sequence, treating as V:%d", num, num_voices); +#endif event_warning(error_message); num = num_voices + 1; } @@ -2123,7 +2141,11 @@ parsefield (key, field) int num, denom; /* strncpy (timesigstring, place, 16); [SS] 2011-08-19 */ +#ifdef NO_SNPRINT + sprintf(timesigstring,"%s",place); /* [SEG] 2020-06-07 */ +#else snprintf(timesigstring,sizeof(timesigstring),"%s",place); /* [SEG] 2020-06-07 */ +#endif if (strncmp (place, "none", 4) == 0) /* converts 'M: none' to 'M: 4/4' otherwise a warning * is returned if not a fraction [SS] */ @@ -2352,12 +2374,21 @@ static void check_bar_repeats (int bar_type, char *replist) if (cv->repeat_count == 0) { +#ifdef NO_SNPRINT + sprintf(error_message, "Missing repeat at start ? Unexpected :|%s found", replist); +#else snprintf(error_message, 80, "Missing repeat at start ? Unexpected :|%s found", replist); +#endif event_warning (error_message); } else { +#ifdef NO_SNPRINT + sprintf(error_message, "Unexpected :|%s found", replist); +#else snprintf(error_message, 80, "Unexpected :|%s found", replist); +#endif + event_warning (error_message); } }; diff --git a/yapstree.c b/yapstree.c index 8c76140..ca2020f 100644 --- a/yapstree.c +++ b/yapstree.c @@ -22,7 +22,7 @@ /* yapstree.c - back-end for abc parser. */ /* generates a data structure suitable for typeset music */ -#define VERSION "1.83 October 27 2020 yaps" +#define VERSION "1.85 November 07 2020 yaps" #include #ifdef USE_INDEX #define strchr index @@ -62,8 +62,8 @@ extern int oldchordconvention; /* for handling +..+ chords */ struct voice* cv; struct tune thetune; -char outputname[256]; -char outputroot[256]; +char outputname[MAX_OUTPUTNAME + 1]; /* [JA] 2020-11-01 */ +char outputroot[MAX_OUTPUTROOT + 1]; char matchstring[256]; int fileopen; @@ -1213,14 +1213,29 @@ char** filename; }; fileopen = 0; filearg = getarg("-o", argc, argv); + /* beware of security risk from buffer overflows here [JA] 2020-11-01*/ if (filearg != -1) { - /*strcpy(outputname, argv[filearg]); security risk buffer overflow */ - /* strncpy(outputname, argv[filearg],sizeof(outputname)-1); [SDG] 2020-06-03 */ - snprintf(outputname, sizeof(outputname)-1,"%s",argv[filearg]); /* [SDG] 2020-06-03 */ + if (strlen(argv[filearg]) > MAX_OUTPUTROOT) /* [JA] 2020-11-01 */ + { + printf("Specified output filename exceeds limit.\n"); + exit(1); + } +#ifdef NO_SNPRINTF + sprintf(outputname, "%s",argv[filearg]); /* [SS] 2020-11-01 */ +#else + snprintf(outputname, MAX_OUTPUTROOT,"%s",argv[filearg]); +#endif } else { - /* strcpy(outputname, argv[1]); security risk: buffer overflow */ - /* strncpy(outputname, argv[1],sizeof(outputname)-4); [SDG] 2020-06-03 */ - snprintf(outputname,sizeof(outputname)-4,"%s", argv[1]); /* [SDG] 2020-06-03 */ + if (strlen(argv[1]) > MAX_OUTPUTROOT) + { + printf("Implied output filename exceeds limit.\n"); + exit(1); + } +#ifdef NO_SNPRINTF + sprintf(outputname,"%s", argv[1]); /* [SS] 2020-11-01 */ +#else + snprintf(outputname,MAX_OUTPUTROOT,"%s", argv[1]); +#endif place = strchr(outputname, '.'); if (place == NULL) { strcat(outputname, ".ps");