2022.01.13

VERSION

@@ -1,2 +1,2 @@
-2021 December 12 2021
+2021 January 13 2022
 

doc/CHANGES

@@ -14537,3 +14537,33 @@ December 12 2021
 abcmidi: changed bar length warning as suggested by James Allwright.
 
 
+January 13 2022
+
+abc2midi: stack overflow bugs reported by Kolja Grassmann
+<koljagrassman@mailbox.org>
+
+static int getword(place,w) in genmidi.c
+check that the syllable[200] array is not overrun
+in the while loop ((syllastus != postword)...) add && (i<199)
+
+static void karaokestarttrack in genmidi.c
+replace strcpy(atitle+2,atext[pitch[j]])
+with strncpy(atitle+2,atext[pitch[j]], 197)
+to prevent overflowing the atitle[200] array
+in three places.
+
+static int inlist(place, passno) in genmidi.c
+To prevent stack overflow in msg[100];
+use snprintf instead of sprintf
+snprintf(msg, 100, "Bad variant list : %s", atext[pitch[place]]);
+
+void event_handle_instruction(s) in store.c
+To prevent overrunning the array buff[MAXLINE]
+used snprintf instead of sprintf
+ snprintf(buff, MAXLINE, "instruction !%s! ignored", s);
+
+void event_info_key(key, value) in store.c
+To prevent overrunning the array errmsg[80]
+used snprintf instead of sprintf
+snprintf(errmsg, 80, "I: key \' %s\' not recognized", key);
+

doc/readme.txt

@@ -1,7 +1,7 @@
 abcMIDI :   abc <-> MIDI conversion utilities
 
 midi2abc version 3.48 June 27 2021
-abc2midi version 4.64 December 12 2021
+abc2midi version 4.65 January 13 2022
 abc2abc  version 2.15 May 25 2021
 yaps     version 1.87 May 25 2021
 abcmatch version 1.80 November 25 2021

genmidi.c

@@ -31,8 +31,11 @@
 /* for Microsoft Visual C++ Ver 6 and higher */
 #ifdef _MSC_VER
 #define ANSILIBS
+#define snprintf _snprintf
+#define strncasecmp strnicmp
 #endif
 
+
 #include "abc.h"
 #include "parseabc.h"
 #include "queues.h"
@@ -811,17 +814,17 @@ int track;
      if (feature[j] == TITLE) {
         if (track != 2)
            mf_write_meta_event(0L, sequence_name, atext[pitch[j]], strlen (atext[pitch[j]]));
-        strcpy(atitle+2, atext[pitch[j]]);
+        strncpy(atitle+2, atext[pitch[j]], 197); /* [KG] 2022-01-13 stack overflow bug */
         text_data(atitle);
         done--;
      }
      if (feature[j] == COMPOSER) {
-        strcpy(atitle+2, atext[pitch[j]]);
+        strncpy(atitle+2, atext[pitch[j]], 197); /* [KG] 2022-01-13 stack overflow bug */
         text_data(atitle);
         done--;
      }     
      if (feature[j] == COPYRIGHT) {
-        strcpy(atitle+2, atext[pitch[j]]);
+        strcpy(atitle+2, atext[pitch[j]]); /* [KG] 2022-01-13 stack overflow bug */
         text_data(atitle);
         done--;
      }
@@ -966,7 +969,8 @@ int w;
   syllstatus = empty;
   c = *(words[w]+(*place));
   isBig5 = 0;  /* [BI] 2012-10-03 */
-  while ((syllstatus != postword) && (syllstatus != failed)) {
+  while ((syllstatus != postword) && (syllstatus != failed) && (i<199)) {
+  /* [KG] 2022-01-13 stack overflow bug fix */
   syllable[i] = c;
     /* printf("syllstatus = %d c = %c i = %d place = %d row= %d \n",syllstatus,c,i,*place,w); */
 	if (isBig5) { /* [BI] 2012-10-03 */
@@ -1252,7 +1256,8 @@ int passno;
     found = 0;
     while ((found == 0) && (*p != '\0')) {
       if (!isdigit(*p)) {
-        sprintf(msg, "Bad variant list : %s", atext[pitch[place]]);
+        snprintf(msg, 100, "Bad variant list : %s", atext[pitch[place]]);
+/* [KG] 2022-01-13 stack overflow bug */
         event_error(msg);
         found = 1;
       };

store.c

@@ -186,7 +186,7 @@ int main()
 
 */
 
-#define VERSION "4.64 December 12 2021 abc2midi" 
+#define VERSION "4.65 January 13 2022 abc2midi" 
 
 /* enables reading V: indication in header */
 #define XTEN1 1
@@ -3171,7 +3171,8 @@ char* value;
   else if (is_abcm2ps_option (key)) return;
 
   else {
-    sprintf(errmsg,"I: key \' %s\' not recognized", key);
+    /* [KG] 2022-01-13 stack overflow */
+    snprintf(errmsg, 80, "I: key \' %s\' not recognized", key);
     if (quiet == -1 && silent == 0) event_error(errmsg); /* [SS] 2018-04-01 */
     }
 }
@@ -4747,7 +4748,8 @@ if (nofnop == 0) {
    };
 
   if (done == 0 && quiet == -1) {    /* [SS] 2013-11-02 */
-    sprintf(buff, "instruction !%s! ignored", s);
+    snprintf(buff, MAXLINE, "instruction !%s! ignored", s);
+    /* [KG] 2022-01-13 static overflow */
     event_warning(buff);
   };
 }