ref: ae9391ae2c59d017020e8d46dc6a78d155444dc5
parent: a6f7b5d3e289b8df1c6e165dc3c63883ca760db9
author: Olav Sørensen <olav.sorensen@live.no>
date: Mon Nov 28 11:02:57 EST 2022
Pattern loop @ row>0 can overflow next pattern row pos
--- a/src/ft2_replayer.c
+++ b/src/ft2_replayer.c
@@ -2215,6 +2215,15 @@
song.pattNum = song.orders[song.songPos & 0xFF];
song.currNumRows = patternNumRows[song.pattNum & 0xFF];
}
+
+ /*
+ ** Because of a bug in FT2, pattern loop commands will manipulate
+ ** the row the next pattern will begin at (should be 0).
+ ** However, this can overflow the number of rows (length) for that
+ ** pattern and cause out-of-bounds reads. Set to row 0 in this case.
+ */
+ if (song.row >= song.currNumRows)
+ song.row = 0;
}
}
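Review bot: The clamp added at the end of the hunk, `if (song.row >= song.currNumRows) song.row = 0;`, makes row 0 safe only if `song.currNumRows` is at least 1 and `song.row` is never negative, and the lines shown establish neither. Both values are presumably driven by the loaded module, so the invariant deserves a comment next to the check, for example `/* relies on patternNumRows[] entries being >= 1, so that row 0 is in range */`, once the loader is confirmed to enforce it. The check also sits inside a block that opens outside the hunk, so it runs only on this path. Any other code that assigns `song.row` before pattern data is read would need the same bound. Bracing the one-line `if` would also keep a later edit from slipping a statement outside the guard.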