Update upstream source from tag 'upstream/0.4.9'

Update to upstream version '0.4.9' with Debian dir 4722dbd83d4ba10107fb5c5a529caf6366c2b337
author: James Cowgill <jcowgill@debian.org> 2019-10-04 10:01:20 +0100
committer: James Cowgill <jcowgill@debian.org> 2019-10-04 10:01:20 +0100
commit: fe26d12bd2e63d57cb196fd9b66a54ba1d54f3a0 (patch)
tree: 92d4ea50419f75b503c8c1cc62aba6dd26e1d23d
parent: 9bcdf1daa7c75e4f4141a3c76490aac37fedc770 (diff)
parent: 3f8fc5dffe02081c55aa8a9fbe4ab090dd831e67 (diff)
9 files changed, 58 insertions, 62 deletions
diff --git a/common/versionNumber.h b/common/versionNumber.h
index e62b7cc..ee67ed3 100644
--- a/common/versionNumber.h
+++ b/common/versionNumber.h
@@ -21,7 +21,7 @@ OPENMPT_NAMESPACE_BEGIN
 #define VER_MAJORMAJOR  1
 #define VER_MAJOR      28
 #define VER_MINOR      07
-#define VER_MINORMINOR 02
+#define VER_MINORMINOR 04
 
 //Numerical value of the version.
 #define MPT_VERSION_CURRENT MAKE_VERSION_NUMERIC(VER_MAJORMAJOR,VER_MAJOR,VER_MINOR,VER_MINORMINOR)
diff --git a/configure b/configure
index 06d8b55..86d7b40 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libopenmpt 0.4.8+release.autotools.
+# Generated by GNU Autoconf 2.69 for libopenmpt 0.4.9+release.autotools.
 #
 # Report bugs to <https://bugs.openmpt.org/>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='libopenmpt'
 PACKAGE_TARNAME='libopenmpt'
-PACKAGE_VERSION='0.4.8+release.autotools'
-PACKAGE_STRING='libopenmpt 0.4.8+release.autotools'
+PACKAGE_VERSION='0.4.9+release.autotools'
+PACKAGE_STRING='libopenmpt 0.4.9+release.autotools'
 PACKAGE_BUGREPORT='https://bugs.openmpt.org/'
 PACKAGE_URL='https://lib.openmpt.org/'
 
@@ -1485,7 +1485,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libopenmpt 0.4.8+release.autotools to adapt to many kinds of systems.
+\`configure' configures libopenmpt 0.4.9+release.autotools to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1556,7 +1556,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libopenmpt 0.4.8+release.autotools:";;
+     short | recursive ) echo "Configuration of libopenmpt 0.4.9+release.autotools:";;
    esac
   cat <<\_ACEOF
 
@@ -1756,7 +1756,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libopenmpt configure 0.4.8+release.autotools
+libopenmpt configure 0.4.9+release.autotools
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2246,7 +2246,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libopenmpt $as_me 0.4.8+release.autotools, which was
+It was created by libopenmpt $as_me 0.4.9+release.autotools, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3117,7 +3117,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='libopenmpt'
- VERSION='0.4.8+release.autotools'
+ VERSION='0.4.9+release.autotools'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -17281,13 +17281,13 @@ LIBOPENMPT_LTVER_AGE=1
 
 
 
-$as_echo "#define MPT_SVNURL \"https://source.openmpt.org/svn/openmpt/tags/libopenmpt-0.4.8\"" >>confdefs.h
+$as_echo "#define MPT_SVNURL \"https://source.openmpt.org/svn/openmpt/tags/libopenmpt-0.4.9\"" >>confdefs.h
 
 
-$as_echo "#define MPT_SVNVERSION \"12122\"" >>confdefs.h
+$as_echo "#define MPT_SVNVERSION \"12139\"" >>confdefs.h
 
 
-$as_echo "#define MPT_SVNDATE \"2019-09-30T07:50:33.283911Z\"" >>confdefs.h
+$as_echo "#define MPT_SVNDATE \"2019-10-02T14:33:59.345896Z\"" >>confdefs.h
 
 
 $as_echo "#define MPT_PACKAGE true" >>confdefs.h
@@ -23527,7 +23527,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libopenmpt $as_me 0.4.8+release.autotools, which was
+This file was extended by libopenmpt $as_me 0.4.9+release.autotools, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -23594,7 +23594,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-libopenmpt config.status 0.4.8+release.autotools
+libopenmpt config.status 0.4.9+release.autotools
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff --git a/configure.ac b/configure.ac
index 57c56e6..55f3593 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([libopenmpt], [0.4.8+release.autotools], [https://bugs.openmpt.org/], [libopenmpt], [https://lib.openmpt.org/])
+AC_INIT([libopenmpt], [0.4.9+release.autotools], [https://bugs.openmpt.org/], [libopenmpt], [https://lib.openmpt.org/])
 AC_PREREQ([2.68])
 
 AC_CONFIG_MACRO_DIR([m4])
@@ -27,9 +27,9 @@ AC_SUBST([LIBOPENMPT_LTVER_CURRENT])
 AC_SUBST([LIBOPENMPT_LTVER_REVISION])
 AC_SUBST([LIBOPENMPT_LTVER_AGE])
 
-AC_DEFINE([MPT_SVNURL], ["https://source.openmpt.org/svn/openmpt/tags/libopenmpt-0.4.8"], [svn version])
-AC_DEFINE([MPT_SVNVERSION], ["12122"], [svn version])
-AC_DEFINE([MPT_SVNDATE], ["2019-09-30T07:50:33.283911Z"], [svn date])
+AC_DEFINE([MPT_SVNURL], ["https://source.openmpt.org/svn/openmpt/tags/libopenmpt-0.4.9"], [svn version])
+AC_DEFINE([MPT_SVNVERSION], ["12139"], [svn version])
+AC_DEFINE([MPT_SVNDATE], ["2019-10-02T14:33:59.345896Z"], [svn date])
 AC_DEFINE([MPT_PACKAGE], [true], [is package])
 
 
diff --git a/libopenmpt/dox/changelog.md b/libopenmpt/dox/changelog.md
index 4aff2cf..6b4c678 100644
--- a/libopenmpt/dox/changelog.md
+++ b/libopenmpt/dox/changelog.md
@@ -5,6 +5,22 @@ Changelog {#changelog}
 For fully detailed change log, please see the source repository directly. This
 is just a high-level summary.
 
+### libopenmpt 0.4.9 (2019-10-02)
+
+ *  [**Sec**] libmodplug: C API: Limit the length of strings copied to the
+    output buffer of `ModPlug_InstrumentName()` and `ModPlug_SampleName()` to 32
+    bytes (including terminating null) as is done by original libmodplug. This
+    avoids potential buffer overflows in software relying on this limit instead
+    of querying the required buffer size beforehand. libopenmpt can return
+    strings longer than 32 bytes here beacuse the internal limit of 32 bytes
+    applies to strings encoded in arbitrary character encodings but the API
+    returns them converted to UTF-8, which can be longer. (reported by Antonio
+    Morales Maldonado of Semmle Security Research Team) (r12129)
+ *  [**Sec**] libmodplug: C++ API: Do not return 0 in
+    `CSoundFile::GetSampleName()` and `CSoundFile::GetInstrumentName()` when a
+    null output pointer is provided. This behaviour differed from libmodplug and
+    made it impossible to determine the required buffer size. (r12130)
+
 ### libopenmpt 0.4.8 (2019-09-30)
 
  *  [**Sec**] Possible crash due to out-of-bounds read when playing an OPL note
diff --git a/libopenmpt/libopenmpt_modplug.c b/libopenmpt/libopenmpt_modplug.c
index d5b4695..da13edc 100644
--- a/libopenmpt/libopenmpt_modplug.c
+++ b/libopenmpt/libopenmpt_modplug.c
@@ -478,53 +478,35 @@ LIBOPENMPT_MODPLUG_API unsigned int ModPlug_NumChannels(ModPlugFile* file)
 LIBOPENMPT_MODPLUG_API unsigned int ModPlug_SampleName(ModPlugFile* file, unsigned int qual, char* buff)
 {
 	const char* str;
-	unsigned int retval;
-	size_t tmpretval;
+	char buf[32];
 	if(!file) return 0;
 	str = openmpt_module_get_sample_name(file->mod,qual-1);
-	if(!str){
-		if(buff){
-			*buff = '\0';
-		}
-		return 0;
-	}
-	tmpretval = strlen(str);
-	if(tmpretval>=INT_MAX){
-		tmpretval = INT_MAX-1;
+	memset(buf,0,32);
+	if(str){
+		strncpy(buf,str,31);
+		openmpt_free_string(str);
 	}
-	retval = (int)tmpretval;
 	if(buff){
-		memcpy(buff,str,retval+1);
-		buff[retval] = '\0';
+		strncpy(buff,buf,32);
 	}
-	openmpt_free_string(str);
-	return retval;
+	return (unsigned int)strlen(buf);
 }
 
 LIBOPENMPT_MODPLUG_API unsigned int ModPlug_InstrumentName(ModPlugFile* file, unsigned int qual, char* buff)
 {
 	const char* str;
-	unsigned int retval;
-	size_t tmpretval;
+	char buf[32];
 	if(!file) return 0;
 	str = openmpt_module_get_instrument_name(file->mod,qual-1);
-	if(!str){
-		if(buff){
-			*buff = '\0';
-		}
-		return 0;
-	}
-	tmpretval = strlen(str);
-	if(tmpretval>=INT_MAX){
-		tmpretval = INT_MAX-1;
+	memset(buf,0,32);
+	if(str){
+		strncpy(buf,str,31);
+		openmpt_free_string(str);
 	}
-	retval = (int)tmpretval;
 	if(buff){
-		memcpy(buff,str,retval+1);
-		buff[retval] = '\0';
+		strncpy(buff,buf,32);
 	}
-	openmpt_free_string(str);
-	return retval;
+	return (unsigned int)strlen(buf);
 }
 
 LIBOPENMPT_MODPLUG_API ModPlugNote* ModPlug_GetPattern(ModPlugFile* file, int pattern, unsigned int* numrows)
diff --git a/libopenmpt/libopenmpt_modplug_cpp.cpp b/libopenmpt/libopenmpt_modplug_cpp.cpp
index a1d36e5..f487339 100644
--- a/libopenmpt/libopenmpt_modplug_cpp.cpp
+++ b/libopenmpt/libopenmpt_modplug_cpp.cpp
@@ -304,9 +304,6 @@ void CSoundFile::SetCurrentOrder( UINT nOrder ) {
 
 UINT CSoundFile::GetSampleName( UINT nSample, LPSTR s ) const {
 	mpcpplog();
-	if ( !s ) {
-		return 0;
-	}
 	char buf[32];
 	std::memset( buf, 0, 32 );
 	if ( mod ) {
@@ -315,15 +312,14 @@ UINT CSoundFile::GetSampleName( UINT nSample, LPSTR s ) const {
 			std::strncpy( buf, names[ nSample - 1 ].c_str(), 31 );
 		}
 	}
-	std::memcpy( s, buf, 32 );
+	if ( s ) {
+		std::strncpy( s, buf, 32 );
+	}
 	return static_cast<UINT>( std::strlen( buf ) );
 }
 
 UINT CSoundFile::GetInstrumentName( UINT nInstr, LPSTR s ) const {
 	mpcpplog();
-	if ( !s ) {
-		return 0;
-	}
 	char buf[32];
 	std::memset( buf, 0, 32 );
 	if ( mod ) {
@@ -332,7 +328,9 @@ UINT CSoundFile::GetInstrumentName( UINT nInstr, LPSTR s ) const {
 			std::strncpy( buf, names[ nInstr - 1 ].c_str(), 31 );
 		}
 	}
-	std::memcpy( s, buf, 32 );
+	if ( s ) {
+		std::strncpy( s, buf, 32 );
+	}
 	return static_cast<UINT>( std::strlen( buf ) );
 }
 
diff --git a/libopenmpt/libopenmpt_version.h b/libopenmpt/libopenmpt_version.h
index cb1c2f3..686c351 100644
--- a/libopenmpt/libopenmpt_version.h
+++ b/libopenmpt/libopenmpt_version.h
@@ -19,7 +19,7 @@
 /*! \brief libopenmpt minor version number */
 #define OPENMPT_API_VERSION_MINOR 4
 /*! \brief libopenmpt patch version number */
-#define OPENMPT_API_VERSION_PATCH 8
+#define OPENMPT_API_VERSION_PATCH 9
 /*! \brief libopenmpt pre-release tag */
 #define OPENMPT_API_VERSION_PREREL ""
 /*! \brief libopenmpt pre-release flag */
diff --git a/libopenmpt/libopenmpt_version.mk b/libopenmpt/libopenmpt_version.mk
index 8b99bf9..59dd997 100644
--- a/libopenmpt/libopenmpt_version.mk
+++ b/libopenmpt/libopenmpt_version.mk
@@ -1,8 +1,8 @@
 LIBOPENMPT_VERSION_MAJOR=0
 LIBOPENMPT_VERSION_MINOR=4
-LIBOPENMPT_VERSION_PATCH=8
+LIBOPENMPT_VERSION_PATCH=9
 LIBOPENMPT_VERSION_PREREL=
 
 LIBOPENMPT_LTVER_CURRENT=1
-LIBOPENMPT_LTVER_REVISION=8
+LIBOPENMPT_LTVER_REVISION=9
 LIBOPENMPT_LTVER_AGE=1
diff --git a/man/openmpt123.1 b/man/openmpt123.1
index 74b6419..5f8572b 100644
--- a/man/openmpt123.1
+++ b/man/openmpt123.1
@@ -1,5 +1,5 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.4.
-.TH OPENMPT123 "1" "September 2019" "openmpt123 v0.4.8" "User Commands"
+.TH OPENMPT123 "1" "October 2019" "openmpt123 v0.4.9" "User Commands"
 .SH NAME
 openmpt123 - command line module music player based on libopenmpt
 .SH SYNOPSIS
author	James Cowgill <jcowgill@debian.org>	2019-10-04 10:01:20 +0100
committer	James Cowgill <jcowgill@debian.org>	2019-10-04 10:01:20 +0100
commit	fe26d12bd2e63d57cb196fd9b66a54ba1d54f3a0 (patch)
tree	92d4ea50419f75b503c8c1cc62aba6dd26e1d23d
parent	9bcdf1daa7c75e4f4141a3c76490aac37fedc770 (diff)
parent	3f8fc5dffe02081c55aa8a9fbe4ab090dd831e67 (diff)