Skip to content

Fuzz patch 1 original#67

Merged
Konstanty merged 52 commits intoKonstanty:oob_read_fixesfrom
AliceLR:fuzz-patch-1-original
Jan 28, 2022
Merged

Fuzz patch 1 original#67
Konstanty merged 52 commits intoKonstanty:oob_read_fixesfrom
AliceLR:fuzz-patch-1-original

Conversation

@Konstanty
Copy link
Owner

@Konstanty Konstanty commented Jan 28, 2022

  • Experimenting merging on existing fuzz fixes.

AliceLR added 30 commits June 12, 2021 23:49
@AliceLR
Fix misc. bugs found by libfuzzer.
04c5d45 
* Fix out-of-bounds reads in the DSMI AMF loader caused by missing
  order list bounds checks.
* Fix out-of-bounds reads in the FAR loader caused by not correctly
  bounding the maximum pattern read size.
* Fix out-of-bounds reads in the IT sample decompressors caused by
  allowing ITReadBits to read past the end of the sample buffer.
* Fix out-of-bounds reads in the MED loader caused by the MMD2PLAYSEQ
  table bounds check not including the size of the offset being read.
* Fix out-of-bounds reads in the MIDI loader caused by no bounds
  checks being performed on the mmread* and mid_read* functions.
* Fix leaks in the MIDI loader caused by not freeing MIDTRACKs.
* Fix leak and hangs in the MIDI loader caused by not releasing the
  MIDI structs and reentry flag when m_nChannels is 0.
* Fix out-of-bounds reads in the OKT loader caused by numerous bounds
  checks not correctly including the size of the data being read.
* Fix out-of-bounds reads in the PSM loader caused by dereferencing
  (PSMCHUNK *)lpStream before any bounds checks.
* Fix out-of-bounds reads in the S3M loader due to various absent
  bounds checks.
* Fix out-of-bounds reads in the ULT loader due to incorrect event
  bounding.
* Fix out-of-bounds reads in the XM loader due to not including the
  size of XMINSTRUMENTHEADER in the XMSAMPLEHEADER bounds check.
@AliceLR
Fix MIDI loader crash caused by undersized message buffer.
aea13cc
@AliceLR
Fix out-of-bounds read in PAT loader caused by invalid GM patches.
96a4c49
@AliceLR
Fix MIDI loader crashes when tr->workevent is NULL.
f145d21
@AliceLR
Fix more PSM breakage introduced by Konstanty#36, 6e38479.
b04985a
@AliceLR
Fix crash in PSM loader from invalid sample numbers in pattern data.
401a3f3
@AliceLR
Fix crash in MDL loader caused by bad instrument data bounding.
e26e8dd
@AliceLR
Fix crash in MDL loader caused by bad track bounding.
e67185d
@AliceLR
Fix MT2 loader crashes caused by bad instrument bounding.
d95ee0d
@AliceLR
Fix another MDL track bounding bug.
094c3a1
@AliceLR
Fix instrument leaks in DBM loader.
2e8cc41
@AliceLR
Fix MT2 out-of-bounds nDrumDataLen read.
2af03d9
@AliceLR
Fix crash in MT2 loader caused by faulty group bounds check.
9c8cac1
@AliceLR
Fix MT2 out-of-bounds reads caused by various faulty/missing checks.
37ca347
@AliceLR
Fix STM pattern leaks and pattern size corruption.
3526aa2
@AliceLR
Fix MDL crashes due to bad envelope bounding and duplicate envelope c…
8253cac 
…hunks.
@AliceLR
Revise new MDL instrument sample struct bounds check.
8bdf601
@AliceLR
Fix out-of-bounds read in XM pattern loader.
14c4506
@AliceLR
Fix MED loader out-of-bounds reads caused by bad sample bounding.
c078f24
@AliceLR
Revise MT2 instrument sample bounds checks.
6b2eac7
@AliceLR
Fix hang in DMF loader caused by duplicate PATT chunks.
fa36b80
@AliceLR
Fix out-of-bounds read in MDL loader due to missing info chunk bounds…
d620a46 
… check.
@AliceLR
Fix MMCMP out-of-bounds read due to broken subblock bounds checking.
be99ce4
@AliceLR
Also fix potential bug in the remaining MMCMP subblock bounds check.
d264a9d
@AliceLR
Fix hang in MT2 loader caused by very large extra data chunk sizes.
647843d
@AliceLR
Fix MED block name bounding, always nul-terminate block name.
29cc57e
@AliceLR
Fix MT2 crash caused by missing sample data length bounds check.
3389523
@AliceLR
Fix/cleanup MMCMP bounds checks to reduce slow loads.
772a719
@AliceLR
Revise DMF duplicate pattern check to prevent hangs.
8b19c81
@AliceLR
Revise OKT loader PATT bounding, import fix from Konstanty#53.
7564bf2
AliceLR added 22 commits June 18, 2021 04:21
@AliceLR
Fix DMF bounding for INFO, SEQU, and SMPI chunks.
00125a6
@AliceLR
Improve DMF pattern bounding.
74dff27
@AliceLR
Fix DMF slow loads caused by missing DMFUnpack EOF check.
f39b8c3
@AliceLR
Fix DMF sample leaks caused by duplicate SMPD chunks.
77a1424
@AliceLR
Add bounds checks to Extreme's Tracker AMS loader.
1bef4e1
@AliceLR
Fix Velvet Studio AMS crash, constify pointers.
11871de
@AliceLR
Fix another Extreme's AMS crash.
31910e1
@AliceLR
Fix AMS slow loads due to large garbage samples.
ecf8df0
@AliceLR
Fix AMS2 instrument bounding checks.
6948105
@AliceLR
Add more missing consts in AMS loaders.
4282f68
@AliceLR
Add missing AMSUnpack bounds checks.
5e1443f
@AliceLR
Fix AMS sample packed length bounding.
2ff82c3
@AliceLR
Revise MIDI debug message fix to still use sprintf instead of snprintf.
19a5370
@AliceLR
Add missing DMF sample bounds check.
89b591f
@AliceLR
Fix WAV fmt header bounds check, add consts to WAV loader.
d8ee117
@AliceLR
Shrink AMS samples if the packed size can't possibly fit them.
cd6baf2
@AliceLR
Fix hang in WAV loader caused by missing chunk length check.
38a7b2f
@AliceLR
Fix XM slow loads caused by bad instrument checks, fix other checks.
f2c6827
@AliceLR
Revise FAR max pattern length bounding to be more readable.
6dfcfed
@AliceLR
Fix off-by-one AMS pattern bounds checks.
70d73b9
@AliceLR
Add extra AMS2 pitchenv bounds check in case support is ever added fo…
f768b60 
…r it.
@AliceLR
Add missing DMF track bounds check, tweak for consistency.
4317cb7
@Konstanty Konstanty merged commit 1eec55f into Konstanty:oob_read_fixes Jan 28, 2022
This was referenced Jan 28, 2022
Closed
Merged
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Konstanty @AliceLR