Merge pull request #110 from bbbradsmith/toosmall_chrram

CHR size < 1k allows NES program to corrupt memory
CaH4e3 2020-05-03 22:27:44 +03:00 committed by GitHub
commit 12667209de
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 33 additions and 4 deletions


@ -132,6 +132,11 @@ void SetupCartCHRMapping(int chip, uint8 *p, uint32 size, int ram) {
CHRmask4[chip] = (size >> 12) - 1;
CHRmask8[chip] = (size >> 13) - 1;
if (CHRmask1[chip] >= (unsigned int)(-1)) CHRmask1[chip] = 0;
if (CHRmask2[chip] >= (unsigned int)(-1)) CHRmask2[chip] = 0;
if (CHRmask4[chip] >= (unsigned int)(-1)) CHRmask4[chip] = 0;
if (CHRmask8[chip] >= (unsigned int)(-1)) CHRmask8[chip] = 0;
CHRram[chip] = ram;
}
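Review bot: Clamping a wrapped mask to 0 in the four added `if` lines keeps the bank index in range but does not make the buffer any larger: when `size` is below 1024, bank 0 presumably still exposes a full 1k window over a shorter allocation, so accesses through the page could run past `p`. The size check added in iNES_Init covers only the iNES CHR-RAM path; any other caller of SetupCartCHRMapping (not visible here) can still pass a short buffer, so the contract belongs here as well, e.g. `/* size < 1024 is unsupported: the smallest bank is 1k, callers must allocate at least that */`. The test would also read more clearly as `== (unsigned int)(-1)`, since `>=` against the maximum value can only mean equality, and it only fires if the mask arrays are 32-bit unsigned, which the hunk does not show. The function body starts outside the hunk.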


@ -895,8 +895,31 @@ int iNESLoad(const char *name, FCEUFILE *fp, int OverwriteVidMode) {
iNESCart.battery = (head.ROM_type & 2) ? 1 : 0;
iNESCart.mirror = Mirroring;
if (!iNES_Init(MapperNo))
int result = iNES_Init(MapperNo);
switch(result)
{
case 0:
goto init_ok;
case 1:
FCEU_PrintError("iNES mapper #%d is not supported at all.", MapperNo);
goto init_ok; // this error is still allowed to run as NROM?
case 2:
FCEU_PrintError("Unable to allocate CHR-RAM.");
break;
case 3:
FCEU_PrintError("CHR-RAM size < 1k is not supported.");
break;
}
if (ROM) free(ROM);
if (VROM) free(VROM);
if (trainerpoo) free(trainerpoo);
if (ExtraNTARAM) free(ExtraNTARAM);
ROM = NULL;
VROM = NULL;
trainerpoo = NULL;
ExtraNTARAM = NULL;
return 0;
init_ok:
GameInfo->mappernum = MapperNo;
FCEU_LoadGameSave(&iNESCart);
@ -1020,7 +1043,8 @@ static int iNES_Init(int num) {
{
CHRRAMSize = iNESCart.battery_vram_size + iNESCart.vram_size;
}
if ((VROM = (uint8*)FCEU_dmalloc(CHRRAMSize)) == NULL) return 0;
if (CHRRAMSize < 1024) return 3; // unsupported size, VPage only goes down to 1k banks, NES program can corrupt memory if used
if ((VROM = (uint8*)FCEU_dmalloc(CHRRAMSize)) == NULL) return 2;
FCEU_MemoryRand(VROM, CHRRAMSize);
UNIFchrrama = VROM;
@ -1040,9 +1064,9 @@ static int iNES_Init(int num) {
if (head.ROM_type & 8)
AddExState(ExtraNTARAM, 2048, 0, "EXNR");
tmp->init(&iNESCart);
return 1;
return 0;
}
tmp++;
}
return 0;
return 1;
}
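Review bot: iNES_Init now returns 0 on success where it used to return 1, and the codes 1–3 are bare literals repeated in its `return` statements and in the `switch` in iNESLoad; any other call site still written as `if (!iNES_Init(...))` would treat a failed CHR-RAM allocation as success and carry on with `VROM == NULL`. Only one caller is visible in these hunks, so the rest of the file needs checking. Named constants would keep both sides in step, e.g. `enum { INES_INIT_OK, INES_INIT_NO_MAPPER, INES_INIT_CHR_ALLOC_FAIL, INES_INIT_CHR_TOO_SMALL };`, and the switch should gain a `default:` that reports the unexpected code before it reaches the cleanup path. Both functions extend outside the hunks.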