Browse Source
Fixed a potential crash when reading MIDI files with incorrect track length chunks
tags/2021-05-28
ed
6 years ago
1 changed files with 5 additions and 4 deletions
Unified View
Diff Options
+ 5
- 4
modules/juce_audio_basics/midi/juce_MidiFile.cpp
View File
| @@ -262,25 +262,26 @@ bool MidiFile::readFrom (InputStream& sourceStream, bool createMatchingNoteOffs) | |||||
| if (size > 16 && MidiFileHelpers::parseMidiHeader (d, timeFormat, fileType, expectedTracks)) | if (size > 16 && MidiFileHelpers::parseMidiHeader (d, timeFormat, fileType, expectedTracks)) | ||||
| { | { | ||||
| size -= (size_t) (d - static_cast<const uint8*> (data.getData())); | size -= (size_t) (d - static_cast<const uint8*> (data.getData())); | ||||
| int track = 0; | int track = 0; | ||||
| while (size > 0 && track < expectedTracks) | |||||
| for (;;) | |||||
| { | { | ||||
| auto chunkType = (int) ByteOrder::bigEndianInt (d); | auto chunkType = (int) ByteOrder::bigEndianInt (d); | ||||
| d += 4; | d += 4; | ||||
| auto chunkSize = (int) ByteOrder::bigEndianInt (d); | auto chunkSize = (int) ByteOrder::bigEndianInt (d); | ||||
| d += 4; | d += 4; | ||||
| if (chunkSize <= 0) | |||||
| if (chunkSize <= 0 || (size_t) chunkSize > size) | |||||
| break; | break; | ||||
| if (chunkType == (int) ByteOrder::bigEndianInt ("MTrk")) | if (chunkType == (int) ByteOrder::bigEndianInt ("MTrk")) | ||||
| readNextTrack (d, chunkSize, createMatchingNoteOffs); | readNextTrack (d, chunkSize, createMatchingNoteOffs); | ||||
| if (++track >= expectedTracks) | |||||
| break; | |||||
| size -= (size_t) chunkSize + 8; | size -= (size_t) chunkSize + 8; | ||||
| d += chunkSize; | d += chunkSize; | ||||
| ++track; | |||||
| } | } | ||||
| return true; | return true; | ||||