Rev 12126 |
Rev 12128 |
Go to most recent revision |
Compare with Previous |
Directory listing |
Details |
Blame |
View Log
| SVN
| RSS feed
Last modification
- Rev 12127 – 1327 d 6 h
- Author: manx
- Log message:
- [Fix] libmodplug: C API: Limit the length of strings copied to the output buffer of ModPlug_InstrumentName() and ModPlug_SampleName() to 32 bytes (including terminating null) as is done by original libmodplug. This avoids potential buffer overflows in software relying on this limit instead of querying the required buffer size beforehand. libopenmpt can return strings longer than 32 bytes here beacuse the internal limit of 32 bytes applies to strings encoded in arbitrary character encodings but the API returns them converted to UTF-8, which can be longer. (reported by Antonio Morales Maldonado of Semmle Security Research Team)