diff --git a/VERSION b/VERSION index 503fed2..726a842 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -2021 December 12 2021 +2021 January 13 2022 diff --git a/doc/CHANGES b/doc/CHANGES index 1cc8e2f..801c923 100644 --- a/doc/CHANGES +++ b/doc/CHANGES @@ -14537,3 +14537,33 @@ December 12 2021 abcmidi: changed bar length warning as suggested by James Allwright. +January 13 2022 + +abc2midi: stack overflow bugs reported by Kolja Grassmann + + +static int getword(place,w) in genmidi.c +check that the syllable[200] array is not overrun +in the while loop ((syllastus != postword)...) add && (i<199) + +static void karaokestarttrack in genmidi.c +replace strcpy(atitle+2,atext[pitch[j]]) +with strncpy(atitle+2,atext[pitch[j]], 197) +to prevent overflowing the atitle[200] array +in three places. + +static int inlist(place, passno) in genmidi.c +To prevent stack overflow in msg[100]; +use snprintf instead of sprintf +snprintf(msg, 100, "Bad variant list : %s", atext[pitch[place]]); + +void event_handle_instruction(s) in store.c +To prevent overrunning the array buff[MAXLINE] +used snprintf instead of sprintf + snprintf(buff, MAXLINE, "instruction !%s! ignored", s); + +void event_info_key(key, value) in store.c +To prevent overrunning the array errmsg[80] +used snprintf instead of sprintf +snprintf(errmsg, 80, "I: key \' %s\' not recognized", key); + diff --git a/doc/readme.txt b/doc/readme.txt index da5d52b..3feb492 100644 --- a/doc/readme.txt +++ b/doc/readme.txt @@ -1,7 +1,7 @@ abcMIDI : abc <-> MIDI conversion utilities midi2abc version 3.48 June 27 2021 -abc2midi version 4.64 December 12 2021 +abc2midi version 4.65 January 13 2022 abc2abc version 2.15 May 25 2021 yaps version 1.87 May 25 2021 abcmatch version 1.80 November 25 2021 diff --git a/genmidi.c b/genmidi.c index 3097e93..9ceb341 100644 --- a/genmidi.c +++ b/genmidi.c 
@@ -31,8 +31,11 @@ /* for Microsoft Visual C++ Ver 6 and higher */ #ifdef _MSC_VER #define ANSILIBS +#define snprintf _snprintf +#define strncasecmp strnicmp #endif + #include "abc.h" #include "parseabc.h" #include "queues.h" @@ -811,17 +814,17 @@ int track; if (feature[j] == TITLE) { if (track != 2) mf_write_meta_event(0L, sequence_name, atext[pitch[j]], strlen (atext[pitch[j]])); - strcpy(atitle+2, atext[pitch[j]]); + strncpy(atitle+2, atext[pitch[j]], 197); /* [KG] 2022-01-13 stack overflow bug */ text_data(atitle); done--; } if (feature[j] == COMPOSER) { - strcpy(atitle+2, atext[pitch[j]]); + strncpy(atitle+2, atext[pitch[j]], 197); /* [KG] 2022-01-13 stack overflow bug */ text_data(atitle); done--; } if (feature[j] == COPYRIGHT) { - strcpy(atitle+2, atext[pitch[j]]); + strcpy(atitle+2, atext[pitch[j]]); /* [KG] 2022-01-13 stack overflow bug */ text_data(atitle); done--; } @@ -966,7 +969,8 @@ int w; syllstatus = empty; c = *(words[w]+(*place)); isBig5 = 0; /* [BI] 2012-10-03 */ - while ((syllstatus != postword) && (syllstatus != failed)) { + while ((syllstatus != postword) && (syllstatus != failed) && (i<199)) { + /* [KG] 2022-01-13 stack overflow bug fix */ syllable[i] = c; /* printf("syllstatus = %d c = %c i = %d place = %d row= %d \n",syllstatus,c,i,*place,w); */ if (isBig5) { /* [BI] 2012-10-03 */ @@ -1252,7 +1256,8 @@ int passno; found = 0; while ((found == 0) && (*p != '\0')) { if (!isdigit(*p)) { - sprintf(msg, "Bad variant list : %s", atext[pitch[place]]); + snprintf(msg, 100, "Bad variant list : %s", atext[pitch[place]]); +/* [KG] 2022-01-13 stack overflow bug */ event_error(msg); found = 1; }; diff --git a/store.c b/store.c index 4ee73d1..e136baa 100644 --- a/store.c +++ b/store.c @@ -186,7 +186,7 @@ int main() */ -#define VERSION "4.64 December 12 2021 abc2midi" +#define VERSION "4.65 January 13 2022 abc2midi" /* enables reading V: indication in header */ #define XTEN1 1 
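Review bot: On MSVC the new `#define snprintf _snprintf` maps the bounded calls added later in this file onto a function that does not write a terminating NUL when the output fills the buffer, so `msg` in the inlist hunk can still reach `event_error` unterminated. Visual Studio 2015 and later provide a conforming `snprintf` (and, as far as I know, their stdio.h rejects a macro of that name), so the mapping is better restricted to older compilers with `#if _MSC_VER < 1900`. On those compilers each call also needs an explicit terminator, e.g. `msg[sizeof(msg) - 1] = '\0';`. The `strncasecmp` mapping is unrelated to the overflow fix and would be easier to review as its own change.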
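Review bot: The COPYRIGHT branch still calls `strcpy(atitle+2, atext[pitch[j]])`; only a comment was added there, so a long copyright string can overrun `atitle` exactly as before, although doc/CHANGES says three places were fixed. In the TITLE and COMPOSER branches `strncpy(..., 197)` stops the overrun but writes no terminating NUL when the source is 197 bytes or longer, so `text_data(atitle)` then depends on whatever `atitle[199]` already holds (the declaration is outside the hunk). A bounded copy that always terminates fixes both problems in all three branches, e.g. `snprintf(atitle+2, 198, "%s", atext[pitch[j]]);`, where 198 is the space left after the two-byte prefix in the `atitle[200]` named in doc/CHANGES. The enclosing function starts and ends outside this hunk.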
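Review bot: When the new `(i<199)` bound ends the getword loop, `syllstatus` is neither `postword` nor `failed` and the syllable is cut short without any diagnostic; the code after the loop is outside the hunk and should be checked for that third exit state. The bound is tested only once per iteration, ahead of the `syllable[i] = c` store, so any further store or increment of `i` inside the body (the `isBig5` branch begins in the context but its body is not visible) must stay under the same limit. Deriving the limit from the array, `(i < (int)sizeof(syllable) - 1)`, would keep it in step with the declaration, assuming `syllable` is a local array as doc/CHANGES describes.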
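Review bot: The size passed in `snprintf(msg, 100, ...)` repeats the array length as a literal, so a later change to the declaration of `msg` would silently bring the overflow back. `snprintf(msg, sizeof(msg), "Bad variant list : %s", atext[pitch[place]]);` ties the bound to the buffer, provided `msg` is declared as an array in this function (the declaration is outside the hunk). The same applies to `snprintf(errmsg, 80, ...)` in the event_info_key hunk of store.c.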
@@ -3171,7 +3171,8 @@ char* value; else if (is_abcm2ps_option (key)) return; else { - sprintf(errmsg,"I: key \' %s\' not recognized", key); + /* [KG] 2022-01-13 stack overflow */ + snprintf(errmsg, 80, "I: key \' %s\' not recognized", key); if (quiet == -1 && silent == 0) event_error(errmsg); /* [SS] 2018-04-01 */ } } @@ -4747,7 +4748,8 @@ if (nofnop == 0) { }; if (done == 0 && quiet == -1) { /* [SS] 2013-11-02 */ - sprintf(buff, "instruction !%s! ignored", s); + snprintf(buff, MAXLINE, "instruction !%s! ignored", s); + /* [KG] 2022-01-13 static overflow */ event_warning(buff); }; }
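Review bot: store.c now calls `snprintf` in the `errmsg` hunk and in the `buff` hunk after it, but the `_MSC_VER` mapping this commit adds is in genmidi.c only. On the older Microsoft compilers that mapping targets, these two calls have no declaration unless store.c or a shared header supplies one outside the visible hunks. Moving the compatibility definition into a header that both files include would cover them in one place. Separately, a long `key` is now cut off at 80 bytes without notice, which is fine for a diagnostic but worth recording with a comment such as `/* key is truncated to fit errmsg[80] */`.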