ShuriZma
/
fceux
mirror of https://github.com/TASEmulators/fceux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add size limit of 32768 to strings to guard against corrupt files 

Add count limit for bookmarks and bookmark shortcuts
This commit is contained in:
Dwedit 2022-04-28 18:26:04 -04:00 committed by zeromus
parent 2e70e27ba0
commit dd35f4b12a
2 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/drivers/common/config.cpp
View File

@ -145,6 +145,11 @@ static void GetValueR(FILE *fp, char *str, void *v, int c)
{
if(!c) // String, allocate some memory.
{
// Windows enforces a 32767 character limit for text boxes by default
// If a string exceeds this length, it's probably a corrupt file
if (s > 32768)
goto gogl;
if(!(*(char **)v=(char*)malloc(s)))
goto gogl;

13
src/drivers/win/pref.cpp
View File

@ -254,6 +254,9 @@ int loadDebuggerPreferences(FILE* f)
// Read the number of CPU bookmarks
if (fread(&size, sizeof(unsigned int), 1, f) != 1) return 1;
// If there's more than 65536 bookmarks (bookmarking every address in the whole 16-bit address space), we're probably reading a corrupt file
if (size > 65536) return 1;
bookmarks.resize(size);
// Read the data of those bookmarks
char buffer[256];
@ -295,6 +298,8 @@ int loadDebuggerPreferences(FILE* f)
// Read the length of the BP condition
if (fread(&len, sizeof(len), 1, f) != 1) return 1;
// Windows enforces 32767 max characters for a textbox by default, if it exceeds that, it's probably a corrupt file
if (len > 32767) return 1;
// Delete eventual older conditions
if (watchpoint[myNumWPs].condText)
@ -312,7 +317,9 @@ int loadDebuggerPreferences(FILE* f)
// Read length of the BP description
if (fread(&len, sizeof(len), 1, f) != 1) return 1;
// Windows enforces 32767 max characters for a textbox by default, if it exceeds that, it's probably a corrupt file
if (len > 32767) return 1;
// Delete eventual older description
if (watchpoint[myNumWPs].desc)
free(watchpoint[myNumWPs].desc);
@ -373,6 +380,8 @@ int loadHexPreferences(FILE* f, HexBookmarkList& target = hexBookmarks)
if (fread(&target[i].address, sizeof(target[i].address), 1, f) != 1) return 1;
// Read length of description
if (fread(&len, sizeof(len), 1, f) != 1) return 1;
const int max_len = sizeof(target[i].description)/sizeof(target[i].description[0]) - 1; //value of 50
if (len > max_len) return 1;
// Read the bookmark description
if (fread(target[i].description, 1, len, f) != len) return 1;
}
@ -384,6 +393,8 @@ int loadHexPreferences(FILE* f, HexBookmarkList& target = hexBookmarks)
if (!feof(f))
{
fread(&target.shortcutCount, sizeof(target.shortcutCount), 1, f);
const int max_shortcuts = sizeof(target.shortcuts) / sizeof(target.shortcuts[0]); //value of 10
if (target.shortcutCount > max_shortcuts) return 1;
unsigned int bookmark_index, shortcut_index;
// read the matching index list of the shortcuts