Fix buffer overflow when creating firmware.dfc file string
When the user uses an external firmware image, there is a call to getpathnoext() in firmware.cpp:571 in order to generate a file name for the saved firmware config file. The size of the MMU.fw.userfile char buffer is only 260, as declared in mc.h:73. However, getpathnoext() expects the buffer size to be MAX_PATH, which is declared as 1024 in types.h:77. The buffer overflow occurs in path.h:293 with the call to strncpy(), which copies 1024 chars into MMU.fw.userfile, which is only 260 chars.

This patch fixes this bug by setting the MMU.fw.userfile char buffer to a size of MAX_PATH. This is consistent with the char buffers used for the other file names.

From rogerman, #3328686
This commit is contained in:
parent
3e29b63554
commit
0c7d5d796d
|
@ -1,6 +1,6 @@
|
|||
/* Copyright (C) 2006 thoduv
|
||||
Copyright (C) 2006 Theo Berkau
|
||||
Copyright (C) 2008-2010 DeSmuME team
|
||||
Copyright (C) 2008-2011 DeSmuME team
|
||||
|
||||
This file is part of DeSmuME
|
||||
|
||||
|
@ -70,7 +70,7 @@ struct memory_chip_t
|
|||
|
||||
// needs only for firmware
|
||||
bool isFirmware;
|
||||
char userfile[260];
|
||||
char userfile[MAX_PATH];
|
||||
};
|
||||
|
||||
//the new backup system by zeromus
|
||||
|
|
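Review bot: in the memory_chip_t hunk, "char userfile[MAX_PATH];" is only safe because it now happens to match the length getpathnoext() assumes, and nothing in the struct records that dependency. Consider passing the destination size into getpathnoext() (for example sizeof(MMU.fw.userfile) at the call in firmware.cpp) so the copy is bounded by the real buffer, or at least extend the "needs only for firmware" comment to say the field must be at least MAX_PATH. Separately, strncpy() does not NUL-terminate the destination when the source is MAX_PATH chars or longer, so the copy in path.h should terminate the buffer explicitly. It is also worth confirming that mc.h sees the same MAX_PATH definition as path.h on every platform the project builds for.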