hw/naomi/naomi_cart.cpp: Fix 3 buffer overflows in naomi_cart_LoadRom()

Jan Holthuis 2016-02-22 18:37:41 +01:00
parent 9e937957f7
commit 1a809fc60e
1 changed files with 11 additions and 3 deletions


@ -32,8 +32,11 @@ bool naomi_cart_LoadRom(char* file)
folder_pos++; folder_pos++;
// FIXME: Data loss if buffer is too small
char t[512]; char t[512];
strcpy(t, file); strncpy(t, file, sizeof(t));
t[sizeof(t) - 1] = '\0';
FILE* fl = fopen(t, "r"); FILE* fl = fopen(t, "r");
if (!fl) if (!fl)
return false; return false;
@ -92,7 +95,10 @@ bool naomi_cart_LoadRom(char* file)
RomCacheMapCount = (u32)files.size(); RomCacheMapCount = (u32)files.size();
RomCacheMap = new fd_t[files.size()]; RomCacheMap = new fd_t[files.size()];
strcpy(t, file); // FIXME: Data loss if buffer is too small
strncpy(t, file, sizeof(t));
t[sizeof(t) - 1] = '\0';
t[folder_pos] = 0; t[folder_pos] = 0;
strcat(t, "ndcn-composed.cache"); strcat(t, "ndcn-composed.cache");
@ -106,7 +112,9 @@ bool naomi_cart_LoadRom(char* file)
verify(RomPtr != 0); verify(RomPtr != 0);
verify(RomPtr != (void*)-1); verify(RomPtr != (void*)-1);
strcpy(t, file); // FIXME: Data loss if buffer is too small
strncpy(t, file, sizeof(t));
t[sizeof(t) - 1] = '\0';
//Create File Mapping Objects //Create File Mapping Objects
for (size_t i = 0; i<files.size(); i++) for (size_t i = 0; i<files.size(); i++)
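Review bot: The `strcat(t, "ndcn-composed.cache")` in the second hunk is still unbounded, and the `t[folder_pos] = 0` just before it indexes `t` with a value that the truncating `strncpy` does not constrain. `folder_pos` is computed outside the visible hunks, presumably from `file`, so for a path longer than the 512-byte buffer the terminator write or the 19-character append can still land past the end of `t`. A guard before those two lines would close this, e.g. `if ((size_t)folder_pos + sizeof("ndcn-composed.cache") > sizeof(t)) return false;`. Rejecting over-long paths once in the first hunk, `if (strlen(file) >= sizeof(t)) return false;`, would also replace the silent truncation that the FIXME comments describe, where `fopen` is handed a different path than the caller asked for. The body of naomi_cart_LoadRom starts and ends outside these hunks, so the loop after the third copy should be checked for the same pattern.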