From bf372552bcb3b6a02f02132e4891b83e7ed543e8 Mon Sep 17 00:00:00 2001
From: zeromus
Date: Thu, 6 Jun 2019 13:33:30 -0400
Subject: [PATCH] fix overflowing buffer made worse by 0d26e6f or possibly created by that commit. fixes #30 better. the debugger was replacing comments and names inside a buffer returned from the old portable disassembly function, which was returning a privately retained 64 byte buffer. previously names were limited to 30 characters, so it's possible expanding names in disassembly never blew that buffer. testing of the 0d26e6f commit either stressed it harder than ever before, or hard enough to break it for the first time solved by copying the disassembly buffer into a new buffer for expanding address labels to names, etc
---
 src/drivers/win/debugger.cpp | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/drivers/win/debugger.cpp b/src/drivers/win/debugger.cpp
index 35d08982..1e9c5846 100644
--- a/src/drivers/win/debugger.cpp
+++ b/src/drivers/win/debugger.cpp
@@ -603,7 +603,6 @@ void Disassemble(HWND hWnd, int id, int scrollid, unsigned int addr)
 strcat(debug_str, chr);
 } else
 {
- char* a;
 if ((addr + size) > 0xFFFF)
 {
 while (addr < 0xFFFF)
@@ -624,28 +623,30 @@ void Disassemble(HWND hWnd, int id, int scrollid, unsigned int addr)
 size++;
 }
- a = Disassemble(addr, opcode);
+ static char bufferForDisassemblyWithPlentyOfStuff[64+NL_MAX_NAME_LEN*10]; //"plenty"
+ char* _a = Disassemble(addr, opcode);
+ strcpy(bufferForDisassemblyWithPlentyOfStuff, _a);
 if (symbDebugEnabled)
 {
- replaceNames(ramBankNames, a, &disassembly_operands[i]);
+ replaceNames(ramBankNames, bufferForDisassemblyWithPlentyOfStuff, &disassembly_operands[i]);
 for(int p=0;p