ShuriZma
/
fceux
mirror of https://github.com/TASEmulators/fceux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed potential buffer overflows in RAM Search.

This commit is contained in:
aquanull@gmail.com 2018-12-24 12:01:28 +08:00
parent fe64ca3771
commit b6df31d0f3
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/drivers/win/ram_search.cpp
View File

@ -146,23 +146,23 @@ void ResetMemoryRegions()
{ {
MemoryRegion& region = *iter; MemoryRegion& region = *iter;
region.virtualIndex = nextVirtualIndex; region.virtualIndex = nextVirtualIndex;
nextVirtualIndex = region.virtualIndex + region.size; nextVirtualIndex = region.virtualIndex + region.size + 4;
} }
//assert(nextVirtualIndex <= MAX_RAM_SIZE); //assert(nextVirtualIndex <= MAX_RAM_SIZE);
if(nextVirtualIndex > MAX_RAM_SIZE) if(nextVirtualIndex > MAX_RAM_SIZE)
{ {
s_prevValues = (unsigned char*)realloc(s_prevValues, sizeof(char)*(nextVirtualIndex+4)); s_prevValues = (unsigned char*)realloc(s_prevValues, sizeof(unsigned char)*nextVirtualIndex);
memset(s_prevValues, 0, sizeof(char)*(nextVirtualIndex+4)); memset(s_prevValues, 0, sizeof(unsigned char)*nextVirtualIndex);
s_curValues = (unsigned char*)realloc(s_curValues, sizeof(char)*(nextVirtualIndex+4)); s_curValues = (unsigned char*)realloc(s_curValues, sizeof(unsigned char)*nextVirtualIndex);
memset(s_curValues, 0, sizeof(char)*(nextVirtualIndex+4)); memset(s_curValues, 0, sizeof(unsigned char)*nextVirtualIndex);
s_numChanges = (unsigned short*)realloc(s_numChanges, sizeof(short)*(nextVirtualIndex+4)); s_numChanges = (unsigned short*)realloc(s_numChanges, sizeof(unsigned short)*nextVirtualIndex);
memset(s_numChanges, 0, sizeof(short)*(nextVirtualIndex+4)); memset(s_numChanges, 0, sizeof(unsigned short)*nextVirtualIndex);
s_itemIndexToRegionPointer = (MemoryRegion**)realloc(s_itemIndexToRegionPointer, sizeof(MemoryRegion*)*(nextVirtualIndex+4)); s_itemIndexToRegionPointer = (MemoryRegion**)realloc(s_itemIndexToRegionPointer, sizeof(MemoryRegion*)*nextVirtualIndex);
memset(s_itemIndexToRegionPointer, 0, sizeof(MemoryRegion*)*(nextVirtualIndex+4)); memset(s_itemIndexToRegionPointer, 0, sizeof(MemoryRegion*)*nextVirtualIndex);
MAX_RAM_SIZE = nextVirtualIndex; MAX_RAM_SIZE = nextVirtualIndex;
} }