Scanf problems

[shlyakpavel]

PVS studio warning: V614 Uninitialized buffer 's' used. Consider checking the first actual argument of the 'sscanf' function.

lmms/src/core/DrumSynth.cpp

Line 133 in 5ebe0e0

if(sscanf(s, "%f", &envpts[env][0][ep])==0) envpts[env][0][ep] = 0.f;

[zonkmachine]

If I remember correctly, DrumSynth files do crash directly on exit when debugging on the master branch with the floating point exceptions set. Could be this? I never got around to debug it.

[PhysSong]

The code is supposed to work with valid DrumSynth files since the else clause initializes s first. With valid files, en should look like this: 0,0 2,4 12,0.
The GetEnv function, however, has several problems. With an invalid file which gives en like ,AAAAAAAAAAAAAAA AAAAAAA, the function will suffer from garbage values and buffer overrun.
IMO this function might be considered as a security vulnerability as well.

[PhysSong]

The problem with GetEnv doesn't look that much severe when I tested with some manually corrupted files, but I'm not sure if we can leave the code as-is.

[shlyakpavel]

@PhysSong I agree it's vulnerable so this should not be left "as is".

[M374LX]

This might be solved by adding the line
s[0]=0;
right after
en[255]=0; //be safe!