mtk.cpp: Don't use memcpy() for overlapping copies
While uncompressing data in CmtkLoader::load(), memcpy() may
be called with overlapping source and destination buffers as
the byte count can be larger than the offset. The result of
such a call is undefined, so copy byte for byte in a for loop
instead.

Fixes: adplug#110
miller-alex authored and Malvineous committed Jun 10, 2020
1 parent 31a33e2 commit e17b3dc
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions src/mtk.cpp
Expand Up @@ -107,14 +107,20 @@ bool CmtkLoader::load(const std::string &filename, const CFileProvider &fp)
offs = (cnt+3) + (cmp[cmpptr] << 4);
cnt = cmp[++cmpptr] + 16; cmpptr++;
if (orgptr + cnt > header.size || offs > orgptr) goto err;
memcpy(&org[orgptr],&org[orgptr - offs],cnt);
// may overlap, can't use memcpy()
//memcpy(&org[orgptr],&org[orgptr - offs],cnt);
for (i = 0; i < cnt; i++)
org[orgptr + i] = org[orgptr - offs + i];
orgptr += cnt;
break;

default:
offs = (cnt+3) + (cmp[cmpptr++] << 4);
if (orgptr + cmd > header.size || offs > orgptr) goto err;
memcpy(&org[orgptr],&org[orgptr-offs],cmd);
// may overlap, can't use memcpy()
//memcpy(&org[orgptr],&org[orgptr-offs],cmd);
for (i = 0; i < cmd; i++)
org[orgptr + i] = org[orgptr - offs + i];
orgptr += cmd;
break;
}
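
Review bot: The comment "may overlap, can't use memcpy()" above both new loops does not say that the ascending byte order is required, so a later cleanup could swap in memmove(), which tolerates overlap but would not repeat the just-written bytes when cnt (or cmd) exceeds offs the way this forward loop does. Suggest wording the comment to that effect, for example "source may overlap destination; copy forward byte by byte, memmove() would give a different result", and deleting the commented-out memcpy() lines rather than keeping them as dead code. The same loop now appears in both cases, so a small shared helper would keep the two copies from drifting apart. The declaration of i is outside the visible lines; it is worth confirming its type is at least as wide as cnt and cmd.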