From 265ab1487b3e2df7c2fdff17f1f89f77464a3b6d Mon Sep 17 00:00:00 2001
From: Robbert van der Helm
Date: Fri, 14 Apr 2023 03:28:13 +0200
Subject: [PATCH] Catch negative indices in IParamValueQueue impl
This would cause crashes with the validator which created empty parameter queues, and many plugins try to `getPoint(numPoints() - 1)`.
---
 CHANGELOG.md | 8 ++++++++
 src/common/serialization/vst3/param-value-queue.cpp | 3 ++-
 .../serialization/vst3/plugin-factory/plugin-factory.cpp | 9 ++++++---
 3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 17b18bae..80929c3e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,14 @@ Versioning](https://semver.org/spec/v2.0.0.html).
 makes sure that Wine will keep using X11 even if Wayland support becomes available at some point.
+### Fixed
+
+- Negative indices were not treated as invalid arguments in some of the VST3
+ interface implementations and could cause crashes if a plugin for instance
+ tried to query a parameter value with signed index -1. This has now been
+ fixed. The issue only appeared with the VST3 validator, and not with any
+ regular hosts.
+
 ### yabridgectl - VST 3.7.5 `moduleinfo.json` files without a `Compatibility` field are now
diff --git a/src/common/serialization/vst3/param-value-queue.cpp b/src/common/serialization/vst3/param-value-queue.cpp
index 31b300b1..f0799ada 100644
--- a/src/common/serialization/vst3/param-value-queue.cpp
+++ b/src/common/serialization/vst3/param-value-queue.cpp
@@ -71,7 +71,8 @@ tresult PLUGIN_API YaParamValueQueue::getPoint(
 // NOLINTNEXTLINE(bugprone-easily-swappable-parameters)
 int32& sampleOffset /*out*/,
 Steinberg::Vst::ParamValue& value /*out*/) {
- if (index < static_cast(queue_.size())) {
+ // Indices are signed integers, fun
+ if (index >= 0 && index < static_cast(queue_.size())) {
 sampleOffset = queue_[index].first;
 value = queue_[index].second;
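Review bot: The added comment `// Indices are signed integers, fun` in getPoint does not tell the next reader why the lower bound matters; something like `// index is a signed int32 from the caller; reject negatives (e.g. getPoint(count - 1) on an empty queue) before indexing queue_` would record the failure mode the commit message describes. The guard also still narrows `queue_.size()` to the signed index type; once `index >= 0` is established, comparing `static_cast<size_t>(index) < queue_.size()` avoids that narrowing. getPoint's signature and the rest of its body lie outside the hunk, so the result returned for a rejected index is not visible here. Any other index-taking methods of this class are not part of the patch and may need the same lower-bound check.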
diff --git a/src/common/serialization/vst3/plugin-factory/plugin-factory.cpp b/src/common/serialization/vst3/plugin-factory/plugin-factory.cpp
index 262108b7..0b8a87f4 100644
--- a/src/common/serialization/vst3/plugin-factory/plugin-factory.cpp
+++ b/src/common/serialization/vst3/plugin-factory/plugin-factory.cpp
@@ -118,7 +118,8 @@ int32 PLUGIN_API YaPluginFactory3::countClasses() {
 tresult PLUGIN_API YaPluginFactory3::getClassInfo(Steinberg::int32 index,
 Steinberg::PClassInfo* info) {
- if (index >= static_cast(arguments_.class_infos_1.size())) {
+ if (index < 0 ||
+ index >= static_cast(arguments_.class_infos_1.size())) {
 return Steinberg::kInvalidArgument;
 }
@@ -134,7 +135,8 @@ tresult PLUGIN_API YaPluginFactory3::getClassInfo(Steinberg::int32 index,
 tresult PLUGIN_API
 YaPluginFactory3::getClassInfo2(int32 index, Steinberg::PClassInfo2* info) {
- if (index >= static_cast(arguments_.class_infos_2.size())) {
+ if (index < 0 ||
+ index >= static_cast(arguments_.class_infos_2.size())) {
 return Steinberg::kInvalidArgument;
 }
@@ -151,7 +153,8 @@ YaPluginFactory3::getClassInfo2(int32 index, Steinberg::PClassInfo2* info) {
 tresult PLUGIN_API YaPluginFactory3::getClassInfoUnicode(int32 index,
 Steinberg::PClassInfoW* info) {
- if (index >= static_cast(arguments_.class_infos_unicode.size())) {
+ if (index < 0 ||
+ index >= static_cast(arguments_.class_infos_unicode.size())) {
 return Steinberg::kInvalidArgument;
 }
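Review bot: The same lower-and-upper bound test is now written out three times, in getClassInfo, getClassInfo2 and getClassInfoUnicode (the hunks at -118, -134 and -151), each against a different vector; a file-local helper such as `static bool index_in_range(int32 index, size_t size) { return index >= 0 && static_cast<size_t>(index) < size; }` would keep the three guards from drifting apart and removes the cast of `size()` to a signed type. Each function's body continues past its hunk, so whether `info` is checked for null before it is written cannot be seen here and is worth confirming.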