h1or4dme8/osu-lazer
1
0
Fork 0
mirror of https://github.com/ppy/osu.git synced 2024-12-14 10:12:54 +08:00
Code Issues Releases Wiki Activity

Increase validation performed on .osu files to avoid hard crashes

Browse Source
This commit is contained in:
Dean Herbert 2019-03-12 20:31:15 +09:00
parent 13f84e8d50
commit cc09ecbfcf
3 changed files with 66 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
osu.Game/Beatmaps/Formats/LegacyBeatmapDecoder.cs
View File

@ -280,8 +280,8 @@ namespace osu.Game.Beatmaps.Formats
{
string[] split = line.Split(',');
double time = getOffsetTime(double.Parse(split[0].Trim(), NumberFormatInfo.InvariantInfo));
double beatLength = double.Parse(split[1].Trim(), NumberFormatInfo.InvariantInfo);
double time = getOffsetTime(Parsing.ParseDouble(split[0].Trim()));
double beatLength = Parsing.ParseDouble(split[1].Trim());
double speedMultiplier = beatLength < 0 ? 100.0 / -beatLength : 1;
TimeSignatures timeSignature = TimeSignatures.SimpleQuadruple;

45
osu.Game/Beatmaps/Formats/LegacyParser.cs Normal file
View File

@ -0,0 +1,45 @@
// Copyright (c) ppy Pty Ltd <contact@ppy.sh>. Licensed under the MIT Licence.
// See the LICENCE file in the repository root for full licence text.
using System;
using System.Globalization;
namespace osu.Game.Beatmaps.Formats
{
/// <summary>
/// Helper methods to parse from string to number and perform very basic validation.
/// </summary>
public static class Parsing
{
public const int MAX_COORDINATE_VALUE = 65536;
public const double MAX_PARSE_VALUE = int.MaxValue;
public static double ParseFloat(string input, float parseLimit = (float)MAX_PARSE_VALUE)
{
var output = float.Parse(input, CultureInfo.InvariantCulture);
if (output < -parseLimit) throw new FormatException("Value is too low");
if (output > parseLimit) throw new FormatException("Value is too high");
return output;
}
public static double ParseDouble(string input, double parseLimit = MAX_PARSE_VALUE)
{
var output = double.Parse(input, CultureInfo.InvariantCulture);
if (output < -parseLimit) throw new FormatException("Value is too low");
if (output > parseLimit) throw new FormatException("Value is too high");
return output;
}
public static int ParseInt(string input, int parseLimit = (int)MAX_PARSE_VALUE)
{
var output = int.Parse(input, CultureInfo.InvariantCulture);
if (output < -parseLimit) throw new FormatException("Value is too low");
if (output > parseLimit) throw new FormatException("Value is too high");
return output;
}
}
}

35
osu.Game/Rulesets/Objects/Legacy/ConvertHitObjectParser.cs
View File

@ -5,7 +5,6 @@ using osuTK;
using osu.Game.Rulesets.Objects.Types;
using System;
using System.Collections.Generic;
using System.Globalization;
using System.IO;
using osu.Game.Beatmaps.Formats;
using osu.Game.Audio;
@ -46,9 +45,11 @@ namespace osu.Game.Rulesets.Objects.Legacy
{
string[] split = text.Split(',');
Vector2 pos = new Vector2((int)Convert.ToSingle(split[0], CultureInfo.InvariantCulture), (int)Convert.ToSingle(split[1], CultureInfo.InvariantCulture));
Vector2 pos = new Vector2((int)Parsing.ParseFloat(split[0], Parsing.MAX_COORDINATE_VALUE), (int)Parsing.ParseFloat(split[1], Parsing.MAX_COORDINATE_VALUE));
ConvertHitObjectType type = (ConvertHitObjectType)int.Parse(split[3]);
double startTime = Parsing.ParseDouble(split[2]) + Offset;
ConvertHitObjectType type = (ConvertHitObjectType)Parsing.ParseInt(split[3]);
int comboOffset = (int)(type & ConvertHitObjectType.ComboOffset) >> 4;
type &= ~ConvertHitObjectType.ComboOffset;
@ -56,7 +57,7 @@ namespace osu.Game.Rulesets.Objects.Legacy
bool combo = type.HasFlag(ConvertHitObjectType.NewCombo);
type &= ~ConvertHitObjectType.NewCombo;
var soundType = (LegacySoundType)int.Parse(split[4]);
var soundType = (LegacySoundType)Parsing.ParseInt(split[4]);
var bankInfo = new SampleBankInfo();
HitObject result = null;
@ -107,7 +108,7 @@ namespace osu.Game.Rulesets.Objects.Legacy
}
string[] temp = t.Split(':');
points[pointIndex++] = new Vector2((int)Convert.ToDouble(temp[0], CultureInfo.InvariantCulture), (int)Convert.ToDouble(temp[1], CultureInfo.InvariantCulture)) - pos;
points[pointIndex++] = new Vector2((int)Parsing.ParseDouble(temp[0], Parsing.MAX_COORDINATE_VALUE), (int)Parsing.ParseDouble(temp[1], Parsing.MAX_COORDINATE_VALUE)) - pos;
}
// osu-stable special-cased colinear perfect curves to a CurveType.Linear
@ -116,7 +117,7 @@ namespace osu.Game.Rulesets.Objects.Legacy
if (points.Length == 3 && pathType == PathType.PerfectCurve && isLinear(points))
pathType = PathType.Linear;
int repeatCount = Convert.ToInt32(split[6], CultureInfo.InvariantCulture);
int repeatCount = Parsing.ParseInt(split[6]);
if (repeatCount > 9000)
throw new ArgumentOutOfRangeException(nameof(repeatCount), @"Repeat count is way too high");
@ -125,7 +126,7 @@ namespace osu.Game.Rulesets.Objects.Legacy
repeatCount = Math.Max(0, repeatCount - 1);
if (split.Length > 7)
length = Convert.ToDouble(split[7], CultureInfo.InvariantCulture);
length = Math.Max(0, Parsing.ParseDouble(split[7]));
if (split.Length > 10)
readCustomSampleBanks(split[10], bankInfo);
@ -184,7 +185,9 @@ namespace osu.Game.Rulesets.Objects.Legacy
}
else if (type.HasFlag(ConvertHitObjectType.Spinner))
{
result = CreateSpinner(new Vector2(512, 384) / 2, combo, comboOffset, Convert.ToDouble(split[5], CultureInfo.InvariantCulture) + Offset);
double endTime = Math.Max(startTime, Parsing.ParseDouble(split[5]) + Offset);
result = CreateSpinner(new Vector2(512, 384) / 2, combo, comboOffset, endTime);
if (split.Length > 6)
readCustomSampleBanks(split[6], bankInfo);
@ -193,12 +196,12 @@ namespace osu.Game.Rulesets.Objects.Legacy
{
// Note: Hold is generated by BMS converts
double endTime = Convert.ToDouble(split[2], CultureInfo.InvariantCulture);
double endTime = Math.Max(0, Parsing.ParseDouble(split[2]));
if (split.Length > 5 && !string.IsNullOrEmpty(split[5]))
{
string[] ss = split[5].Split(':');
endTime = Convert.ToDouble(ss[0], CultureInfo.InvariantCulture);
endTime = Parsing.ParseDouble(ss[0]);
readCustomSampleBanks(string.Join(":", ss.Skip(1)), bankInfo);
}
@ -211,7 +214,7 @@ namespace osu.Game.Rulesets.Objects.Legacy
return null;
}
result.StartTime = Convert.ToDouble(split[2], CultureInfo.InvariantCulture) + Offset;
result.StartTime = startTime;
if (result.Samples.Count == 0)
result.Samples = convertSoundType(soundType, bankInfo);
@ -222,7 +225,7 @@ namespace osu.Game.Rulesets.Objects.Legacy
}
catch (FormatException)
{
throw new FormatException("One or more hit objects were malformed.");
return null;
}
}
@ -233,8 +236,8 @@ namespace osu.Game.Rulesets.Objects.Legacy
string[] split = str.Split(':');
var bank = (LegacyBeatmapDecoder.LegacySampleBank)int.Parse(split[0]);
var addbank = (LegacyBeatmapDecoder.LegacySampleBank)int.Parse(split[1]);
var bank = (LegacyBeatmapDecoder.LegacySampleBank)Parsing.ParseInt(split[0]);
var addbank = (LegacyBeatmapDecoder.LegacySampleBank)Parsing.ParseInt(split[1]);
string stringBank = bank.ToString().ToLowerInvariant();
if (stringBank == @"none")
@ -247,10 +250,10 @@ namespace osu.Game.Rulesets.Objects.Legacy
bankInfo.Add = string.IsNullOrEmpty(stringAddBank) ? stringBank : stringAddBank;
if (split.Length > 2)
bankInfo.CustomSampleBank = int.Parse(split[2]);
bankInfo.CustomSampleBank = Parsing.ParseInt(split[2]);
if (split.Length > 3)
bankInfo.Volume = int.Parse(split[3]);
bankInfo.Volume = Parsing.ParseInt(split[3]);
bankInfo.Filename = split.Length > 4 ? split[4] : null;
}