From c8c67ca9caec3c0a4f44dfaf3aa5eb9bf0d905a9 Mon Sep 17 00:00:00 2001 From: Johannes Schultz Date: Mon, 18 Nov 2024 18:44:10 +0000 Subject: [PATCH] [Fix] MED: Avoid undefined behaviour with out-of-range echo depth parameter (found with afl++ + ubsan). git-svn-id: https://source.openmpt.org/svn/openmpt/trunk/OpenMPT@22221 56274372-70c3-4bfc-bfc3-4c3a0b034d27 --- soundlib/Load_med.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/soundlib/Load_med.cpp b/soundlib/Load_med.cpp index d84d7ce4873..e4b37cd11d3 100644 --- a/soundlib/Load_med.cpp +++ b/soundlib/Load_med.cpp @@ -1388,9 +1388,9 @@ bool CSoundFile::ReadMED(FileReader &file, ModLoadingFlags loadFlags) if((header.mixEchoType == 1 || header.mixEchoType == 2) && numPlugins < MAX_MIXPLUGINS) { // Emulating MED echo using the DMO echo requires to compensate for the differences in initial feedback in the latter. - const float feedback = 1.0f / (1 << std::max(header.mixEchoDepth, uint8(1))); // The feedback we want - const float initialFeedback = std::sqrt(1.0f - (feedback * feedback)); // Actual strength of first delay's feedback - const float wetFactor = feedback / initialFeedback; // Factor to compensate for this + const float feedback = 1.0f / (1 << std::clamp(header.mixEchoDepth, uint8(1), uint8(9))); // The feedback we want + const float initialFeedback = std::sqrt(1.0f - (feedback * feedback)); // Actual strength of first delay's feedback + const float wetFactor = feedback / initialFeedback; // Factor to compensate for this const float delay = (std::max(header.mixEchoLength.get(), uint16(1)) - 1) / 1999.0f; SNDMIXPLUGIN &mixPlug = m_MixPlugins[numPlugins]; mpt::reconstruct(mixPlug);