Author Topic: weaked a first pile of software  (Read 3139 times)

Offline Leo.Robusto

  • Active artist
  • *
  • Posts: 16
weaked a first pile of software
« on: October 21, 2008, 20:17:18 »
Hello fellows,

as I prommised,
I tweaked a first pile of software to suppress the compiler warnings.
I tweaked the unlha project, yet.

I got some warnings, which  have the same reason:

I)
Code: [Select]
typedef struct LzHeader
{
...
  unsigned char header_size;
...
}


should use unsigned short instead.
Otherwise there are lots of locations with the threat of integer overflow!

II)
Code: [Select]
class CLhaArchive
{
...
  protected:
  short *child, *parent, *block, *edge, *stock, *node;
...
}


In methods like
Code: [Select]
void CLhaArchive::reconst(int start, int end)
all of the looping vars are int (32bit) and not short (16bit).

This might resume in (dangerous?) index overflows!

Either we reduce all looping vars to shorts,
or reset the short pointers to 'unsigned int'!

I am not an expet, but these inex over/underflows
might be a dangerous security leak!!


Yours,
   Leo
P.S.: where shall I post a first patch file?
Getting feedback would be helpful!
The Answer is out there - "The X-Files"

Offline Relabsoluness

  • OpenMPT Developers
  • *****
  • Posts: 709
Re: weaked a first pile of software
« Reply #1 on: October 22, 2008, 21:08:33 »
There indeed may be, and probably is, problems in the unlha code, but it is almost completely unused, and I doubt it's worth the trouble to start fixing problems in it -- especially since it might be better to simply remove it at some point. This also applies to unrar and unzip, so fixing the warnings in mptrack code first sounds like a better plan.

Quote from: "Leo.Robusto"
P.S.: where shall I post a first patch file?

Patch file can be send to
<email address is no longer available>

Offline Saga Musix

  • OpenMPT Developers
  • *****
  • Posts: 7,104
  • aka Jojo
    • Download music, samples, VST plugins: Saga Musix Website
  • Operating System: Windows 10 x64
weaked a first pile of software
« Reply #2 on: January 26, 2009, 15:13:20 »
Quote
especially since it might be better to simply remove it at some point. This also applies to unrar and unzip, so fixing the warnings in mptrack code first sounds like a better plan.

I don't think that's a good idea. Zipped module support has been there for a very long time, and not only inside modplug. remember that the unzip code is needed for ITZ/MDZ/S3Z/XMZ support, and the unlha code is needed for mods inside LHA archives. I'm not even sure if the unrar code is used at the moment, but LHA (for amiga stuff) and ZIP support should definitely not be dropped. Especially since ZIP could be a container format for a new MPTM format, as discussed before. :)
» No support, bug reports, feature requests via private messages - they will not be answered. Use the forums and the issue tracker so that everyone can benefit from your post.

Offline Relabsoluness

  • OpenMPT Developers
  • *****
  • Posts: 709
weaked a first pile of software
« Reply #3 on: January 26, 2009, 18:40:08 »
Yes I'm aware of the use of the decompression routines, and I'm not saying that the support should be terminated, but instead that the implementations should be changed.

Offline Saga Musix

  • OpenMPT Developers
  • *****
  • Posts: 7,104
  • aka Jojo
    • Download music, samples, VST plugins: Saga Musix Website
  • Operating System: Windows 10 x64
weaked a first pile of software
« Reply #4 on: January 26, 2009, 18:50:20 »
Ok, I got you wrong then.
» No support, bug reports, feature requests via private messages - they will not be answered. Use the forums and the issue tracker so that everyone can benefit from your post.