MIDI "Reset" message crash


#1

Hi,

If JUCE receives a MIDI Reset “0xff” message ( https://www.recordingblogs.com/wiki/midi-reset-message ), it is crashing (if built with AddressSanitizer on macOS) with the following stack trace:

(ERROR: AddressSanitizer: heap-buffer-overflow)
    #0 0x1000c8a22 in juce::MidiMessage::readVariableLengthVal(unsigned char const*, int&) juce_MidiMessage.cpp:67
    #1 0x1000c2423 in juce::MidiBufferHelpers::findActualEventLength(unsigned char const*, int) juce_MidiBuffer.cpp:61
    #2 0x1000c205b in juce::MidiBuffer::addEvent(void const*, int, int) juce_MidiBuffer.cpp:118
    #3 0x10019df63 in juce::MidiMessageCollector::removeNextBlockOfMessages(juce::MidiBuffer&, int) juce_MidiMessageCollector.cpp:127
    #4 0x10064bdc7 in juce::AudioProcessorPlayer::audioDeviceIOCallback(float const**, int, float**, int, int)

I guess ‘MidiMessage::readVariableLengthVal’ should also take a ‘maxBytes’ argument to prevent it from reading outside the buffer.
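
A bounds-checked variable-length-quantity reader of the kind the post suggests, as an added example (my code, not JUCE's): readVariableLengthVal takes the maxBytes limit, and an event-length finder relies on it, so a buffer holding a bare 0xFF yields a one-byte event instead of a read past the end of the buffer. The meta-event interpretation of 0xFF (type byte followed by a VLQ length) and all names here are assumptions, not JUCE's API.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>

// Decoded MIDI variable-length quantity (VLQ): value plus bytes consumed.
struct Vlq { uint32_t value; size_t bytesUsed; };
// Bounded VLQ decoder: a reader that loops until it sees a clear continuation bit
// overruns the buffer on a lone 0xFF; this one never touches data[maxBytes] or beyond.
std::optional<Vlq> readVariableLengthVal(const uint8_t* data, size_t maxBytes) {
    uint32_t value = 0;
    for (size_t i = 0; i < maxBytes && i < 4; ++i) {   // MIDI caps a VLQ at 4 bytes
        value = (value << 7) | (data[i] & 0x7fu);
        if ((data[i] & 0x80u) == 0) return Vlq{value, i + 1};
    }
    return std::nullopt;                                 // truncated or over-long quantity
}
// Byte count of a channel/system-common message; real-time (0xF8..0xFE) is one byte.
static size_t lengthFromStatus(uint8_t status) {
    switch (status & 0xf0u) {
        case 0xc0: case 0xd0: return 2;
        case 0xf0:
            if (status == 0xf1 || status == 0xf3) return 2;
            return status == 0xf2 ? 3 : 1;
        default: return 3;
    }
}
// Length of the event at the head of `data`, never exceeding maxBytes. Assumption
// (mine): 0xFF + type + VLQ length is a meta event; a bare 0xFF is a System Reset.
size_t findEventLength(const uint8_t* data, size_t maxBytes) {
    if (maxBytes == 0) return 0;
    const uint8_t status = data[0];
    if (status == 0xf0 || status == 0xf7) {          // SysEx: up to 0xF7 or end of buffer
        size_t i = 1;
        while (i < maxBytes && data[i++] != 0xf7) {}
        return i;
    }
    if (status == 0xff) {
        if (maxBytes < 3) return maxBytes;           // lone reset byte (the reported case)
        auto len = readVariableLengthVal(data + 2, maxBytes - 2);
        if (!len) return maxBytes;                   // truncated length field: take what is there
        size_t total = 2 + len->bytesUsed + len->value;
        return total < maxBytes ? total : maxBytes;
    }
    if (status < 0x80) return 0;                     // stray data byte: nothing to parse
    const size_t n = lengthFromStatus(status);
    return n < maxBytes ? n : maxBytes;
}
```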


#2

Thank you for reporting.