summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWilliam Wilgus <wilgus.william@gmail.com>2023-01-08 15:43:05 -0500
committerWilliam Wilgus <wilgus.william@gmail.com>2023-01-08 15:43:05 -0500
commit3694314058e20075c83e6f1a3f0ecf82e6135888 (patch)
tree2c0aad0012c12baf72fa3c8799a3c1c20fbc872a
parent282a54b23c6cad011be1d046ed76bc1b1d85ea33 (diff)
downloadrockbox-3694314058e20075c83e6f1a3f0ecf82e6135888.tar.gz
rockbox-3694314058e20075c83e6f1a3f0ecf82e6135888.zip
[BugFix] voicefont.c buffer overflow
voicefont.c expected a max of 999 voice IDs we are at 1013 or so bad stuff happened TM new limit is 2048 and added an error message (no file will be created if limit exceeded) Change-Id: Ifda6dc5c45883551f8ae8f0d4efc9f7acdb7c90f
Diffstat
-rw-r--r--tools/voicefont.c29
1 files changed, 21 insertions, 8 deletions
diff --git a/tools/voicefont.c b/tools/voicefont.c
index b732f49c07..82ab537b73 100644
--- a/tools/voicefont.c
+++ b/tools/voicefont.c
@@ -29,8 +29,9 @@
29#include <stdio.h> 29#include <stdio.h>
30#include <string.h> 30#include <string.h>
31 31
32#define HEADER_SIZE 20 32#define HEADER_SIZE (20)
33 33#define MAX_NAME_LEN (80)
34#define MAX_VOICE_ENTRIES (2048)
34/* endian conversion macros */ 35/* endian conversion macros */
35#if defined(__BIG_ENDIAN__) 36#if defined(__BIG_ENDIAN__)
36#define UINT_TO_BE(x) (x) 37#define UINT_TO_BE(x) (x)
@@ -47,11 +48,11 @@ int voicefont(FILE* voicefontids,int targetnum,char* filedir, FILE* output, unsi
47 int i,j; 48 int i,j;
48 49
49 /* two tables, one for normal strings, one for voice-only (>0x8000) */ 50 /* two tables, one for normal strings, one for voice-only (>0x8000) */
50 static char names[1000][80]; /* worst-case space */ 51 static char names[MAX_VOICE_ENTRIES][MAX_NAME_LEN]; /* worst-case space */
51 char name[80]; /* one string ID */ 52 char name[MAX_NAME_LEN]; /* one string ID */
52 static int pos[1000]; /* position of sample */ 53 static int pos[MAX_VOICE_ENTRIES]; /* position of sample */
53 static int size[1000]; /* length of clip */ 54 static int size[MAX_VOICE_ENTRIES]; /* length of clip */
54 int voiceonly[1000]; /* flag if this is voice only */ 55 int voiceonly[MAX_VOICE_ENTRIES]; /* flag if this is voice only */
55 int count = 0; 56 int count = 0;
56 int count_voiceonly = 0; 57 int count_voiceonly = 0;
57 unsigned int value; /* value to be written to file */ 58 unsigned int value; /* value to be written to file */
@@ -86,6 +87,11 @@ int voicefont(FILE* voicefontids,int targetnum,char* filedir, FILE* output, unsi
86 } 87 }
87 fclose(voicefontids); 88 fclose(voicefontids);
88 89
90 if (count > MAX_VOICE_ENTRIES)
91 {
92 return -1;
93 }
94
89 fseek(output, HEADER_SIZE + count*8, SEEK_SET); /* space for header */ 95 fseek(output, HEADER_SIZE + count*8, SEEK_SET); /* space for header */
90 96
91 for (i=0; i<count; i++) 97 for (i=0; i<count; i++)
@@ -161,6 +167,9 @@ int voicefont(FILE* voicefontids,int targetnum,char* filedir, FILE* output, unsi
161 fwrite(&value, sizeof(value), 1,output); 167 fwrite(&value, sizeof(value), 1,output);
162 value = UINT_TO_BE(size[i]); /* size */ 168 value = UINT_TO_BE(size[i]); /* size */
163 fwrite(&value, sizeof(value), 1, output); 169 fwrite(&value, sizeof(value), 1, output);
170 printf(": [%d]%s : %s {%x, %x}\n", i,
171 (voiceonly[i] ==1 ? "[V]":""), names[i],
172 UINT_TO_BE(pos[i]), UINT_TO_BE(size[i])); /* debug */
164 } /* for i */ 173 } /* for i */
165 } /* for j */ 174 } /* for j */
166 175
@@ -199,7 +208,11 @@ int main (int argc, char** argv)
199 return -2; 208 return -2;
200 } 209 }
201 210
202 voicefont(ids, atoi(argv[2]),argv[3],output, 400); 211 if (voicefont(ids, atoi(argv[2]),argv[3],output, 400) < 0)
212 {
213 printf("Error too many voicefont entries!\n");
214 return -3;
215 }
203 return 0; 216 return 0;
204} 217}
205#endif 218#endif
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-05 21:45:51 +0000