diff --git a/src/DevTest.c b/src/DevTest.c index df34186d..17b06c6d 100644 --- a/src/DevTest.c +++ b/src/DevTest.c @@ -250,6 +250,8 @@ static int check_midi_event (unsigned char *midi_data, unsigned long int midi_si unsigned char event = 0; unsigned int meta_length = 0; unsigned int i = 0; + unsigned long int input_length = midi_size; + /* printf("Midi Data: "); for (i = 0; i < ((midi_size >= 32)? 32 : midi_size); i++) { @@ -272,6 +274,7 @@ static int check_midi_event (unsigned char *midi_data, unsigned long int midi_si event = *midi_data++; midi_size--; rtn_cnt++; + input_length--; } switch (event >> 4) { @@ -285,6 +288,7 @@ static int check_midi_event (unsigned char *midi_data, unsigned long int midi_si printf("Note Off: chan(%i) note(%i) vel(%i)\n", (event & 0x0F), midi_data[0], midi_data[1]); rtn_cnt += 2; + input_length -= 2; check_notes[(event & 0x0F)][midi_data[0]] = 0; break; case 0x9: @@ -297,6 +301,7 @@ static int check_midi_event (unsigned char *midi_data, unsigned long int midi_si printf("Note On: chan(%i) note(%i) vel(%i)\n", (event & 0x0F), midi_data[0], midi_data[1]); rtn_cnt += 2; + input_length -= 2; if (midi_data[1] == 0) { check_notes[(event & 0x0F)][midi_data[0]] = 0; } else { @@ -313,6 +318,7 @@ static int check_midi_event (unsigned char *midi_data, unsigned long int midi_si printf("Aftertouch: chan(%i) note(%i) vel(%i)\n", (event & 0x0F), midi_data[0], midi_data[1]); rtn_cnt += 2; + input_length -= 2; break; case 0xB: if (!(options & EVENT_DATA_8BIT)) { @@ -387,6 +393,8 @@ static int check_midi_event (unsigned char *midi_data, unsigned long int midi_si printf("chan(%i) set(%i)\n", (event & 0x0F), midi_data[1]); } rtn_cnt += 2; + input_length -= 2; + break; case 0xC: if ((midi_size == 0) || (*midi_data > 0x7F)) { @@ -397,6 +405,7 @@ static int check_midi_event (unsigned char *midi_data, unsigned long int midi_si printf("Set Patch: chan(%i) patch(%i)\n", (event & 0x0F), *midi_data); rtn_cnt++; + input_length--; break; case 0xD: if ((midi_size == 0) || (*midi_data > 0x7F)) { @@ -407,6 +416,7 @@ static int check_midi_event (unsigned char *midi_data, unsigned long int midi_si printf("Channel Pressure: chan(%i) pres(%i)\n", (event & 0x0F), *midi_data); rtn_cnt++; + input_length--; break; case 0xE: if ((midi_size < 2) || (midi_data[0] > 0x7F) @@ -418,6 +428,7 @@ static int check_midi_event (unsigned char *midi_data, unsigned long int midi_si printf("Set Pitch: chan(%i) pitch(%i)\n", (event & 0x0F), ((midi_data[0] << 7) | midi_data[1])); rtn_cnt += 2; + input_length -= 2; break; case 0xF: if ((event == 0xF0) || (event == 0xF7)) { @@ -433,16 +444,21 @@ static int check_midi_event (unsigned char *midi_data, unsigned long int midi_si midi_data++; midi_size--; rtn_cnt++; + input_length--; } sysex_size = (sysex_size << 7) | (*midi_data & 0x7F); midi_data++; midi_size--; rtn_cnt++; + input_length--; + + if (input_length < sysex_size){ + printf("Corrupt sysex size, was larger than rest of file.\n"); + return -1; + } - sysex_store = realloc(sysex_store, - (sysex_store_ofs + sysex_size)); - memcpy(&sysex_store[sysex_store_ofs], midi_data, - sysex_size); + sysex_store = realloc(sysex_store, (sysex_store_ofs + sysex_size)); + memcpy(&sysex_store[sysex_store_ofs], midi_data, sysex_size); sysex_store_ofs += sysex_size; if (sysex_store[sysex_store_ofs - 1] == 0xF7) { @@ -514,6 +530,7 @@ static int check_midi_event (unsigned char *midi_data, unsigned long int midi_si free(sysex_store); sysex_store = NULL; rtn_cnt += sysex_size; + input_length -= sysex_size; } else if ((event <= 0xFE) && (event >= 0xF1)) { // Added just in case printf("Realtime Event: 0x%.2x ** NOTE: Not expected in midi file type data\n",event); @@ -652,11 +669,13 @@ static int check_midi_event (unsigned char *midi_data, unsigned long int midi_si midi_data++; midi_size--; rtn_cnt++; + input_length--; meta_length = 0; while (*midi_data > 0x7F) { meta_length = (meta_length << 7) | (*midi_data & 0x7F); midi_data++; rtn_cnt++; + input_length--; if (midi_size == 0) { printf("Data too short: Missing MIDI Data\n"); return -1; @@ -667,6 +686,7 @@ static int check_midi_event (unsigned char *midi_data, unsigned long int midi_si midi_data++; midi_size--; rtn_cnt++; + input_length--; if (midi_size < meta_length) { printf("Data too short: Missing MIDI Data\n"); @@ -685,6 +705,7 @@ static int check_midi_event (unsigned char *midi_data, unsigned long int midi_si printf("\n"); } rtn_cnt += meta_length; + input_length -= meta_length; } else { printf("Corrupt Midi, Unknown Event Data\n"); return -1;