Merge pull request #7765 from AdmiralCurtiss/fzero-save-file-out-of-bounds
GCMemcard: Fix out of bounds access in F-Zero GX checksum calculation.
commit
9e4ab87a34
|
@ -1277,12 +1277,15 @@ s32 GCMemcard::FZEROGX_MakeSaveGameValid(const Header& cardheader, const DEntry&
|
|||
u32 i, j;
|
||||
u32 serial1, serial2;
|
||||
u16 chksum = 0xFFFF;
|
||||
int block = 0;
|
||||
|
||||
// check for F-Zero GX system file
|
||||
if (strcmp(reinterpret_cast<const char*>(direntry.m_filename.data()), "f_zero.dat") != 0)
|
||||
return 0;
|
||||
|
||||
// also make sure that the filesize is correct
|
||||
if (FileBuffer.size() != 4)
|
||||
return 0;
|
||||
|
||||
// get encrypted destination memory card serial numbers
|
||||
cardheader.CARD_GetSerialNo(&serial1, &serial2);
|
||||
|
||||
|
@ -1295,7 +1298,9 @@ s32 GCMemcard::FZEROGX_MakeSaveGameValid(const Header& cardheader, const DEntry&
|
|||
// calc 16-bit checksum
|
||||
for (i = 0x02; i < 0x8000; i++)
|
||||
{
|
||||
chksum ^= (FileBuffer[block].m_block[i - (block * 0x2000)] & 0xFF);
|
||||
const int block = i / 0x2000;
|
||||
const int offset = i % 0x2000;
|
||||
chksum ^= (FileBuffer[block].m_block[offset] & 0xFF);
|
||||
for (j = 8; j > 0; j--)
|
||||
{
|
||||
if (chksum & 1)
|
||||
|
@ -1303,8 +1308,6 @@ s32 GCMemcard::FZEROGX_MakeSaveGameValid(const Header& cardheader, const DEntry&
|
|||
else
|
||||
chksum >>= 1;
|
||||
}
|
||||
if (!(i % 0x2000))
|
||||
block++;
|
||||
}
|
||||
|
||||
// set new checksum
|
||||
|
|
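Review bot: The bounds safety of the checksum loop now rests on three separate literals that must agree: the `FileBuffer.size() != 4` guard, the `i < 0x8000` loop limit, and the `0x2000` used for `block` and `offset`. Nothing in the new code ties them together, so a later edit to one of them would quietly bring back an out-of-range index on data that comes from a save file. I would derive them from one place, for example `constexpr u32 block_size = 0x2000, block_count = 4;`, then `if (FileBuffer.size() != block_count) return 0;` and `for (i = 0x02; i < block_count * block_size; i++)`, with `block` and `offset` declared `const u32` to match `i`. The length of `m_block` is not visible in these hunks, so the assumption that it equals 0x2000 should be confirmed, and ideally pinned with a `static_assert` next to the constants. The body of FZEROGX_MakeSaveGameValid starts and ends outside the hunks shown, so any other `FileBuffer[...]` accesses between them also depend on the new size check and are worth a look.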