* do not copy more ROM banner data than actually needed

* avoid trying to read out of bounds if the banner offset is bad
This commit is contained in:
Arisotura 2022-09-22 18:18:26 +02:00
parent c4acc26076
commit b171038c85
1 changed files with 9 additions and 9 deletions


@ -1584,6 +1584,9 @@ bool LoadROM(const u8* romdata, u32 romlen)
if (CartInserted) if (CartInserted)
EjectCart(); EjectCart();
memset(&Header, 0, sizeof(Header));
memset(&Banner, 0, sizeof(Banner));
CartROMSize = 0x200; CartROMSize = 0x200;
while (CartROMSize < romlen) while (CartROMSize < romlen)
CartROMSize <<= 1; CartROMSize <<= 1;
@ -1603,13 +1606,13 @@ bool LoadROM(const u8* romdata, u32 romlen)
memcpy(&Header, CartROM, sizeof(Header)); memcpy(&Header, CartROM, sizeof(Header));
if (!Header.BannerOffset) u8 unitcode = Header.UnitCode;
bool dsi = (unitcode & 0x02) != 0;
size_t bannersize = dsi ? 0x23C0 : 0xA40;
if (Header.BannerOffset >= 0x200 && Header.BannerOffset < (CartROMSize - bannersize))
{ {
memset(&Banner, 0, sizeof(Banner)); memcpy(&Banner, CartROM + Header.BannerOffset, bannersize);
}
else
{
memcpy(&Banner, CartROM + Header.BannerOffset, sizeof(Banner));
} }
printf("Game code: %.4s\n", Header.GameCode); printf("Game code: %.4s\n", Header.GameCode);
@ -1619,9 +1622,6 @@ bool LoadROM(const u8* romdata, u32 romlen)
(u32)Header.GameCode[1] << 8 | (u32)Header.GameCode[1] << 8 |
(u32)Header.GameCode[0]; (u32)Header.GameCode[0];
u8 unitcode = Header.UnitCode;
bool dsi = (unitcode & 0x02) != 0;
u32 arm9base = Header.ARM9ROMOffset; u32 arm9base = Header.ARM9ROMOffset;
bool homebrew = (arm9base < 0x4000) || (gamecode == 0x23232323); bool homebrew = (arm9base < 0x4000) || (gamecode == 0x23232323);
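Review bot: The new bounds guard `if (Header.BannerOffset >= 0x200 && Header.BannerOffset < (CartROMSize - bannersize))` in the second hunk can still let a bad offset through: bannersize is a size_t, so `CartROMSize - bannersize` is unsigned arithmetic and wraps when the padded ROM is smaller than the banner (CartROMSize starts at 0x200 and only doubles while it is below romlen, so a ROM under 0xA40 bytes leaves it at 0x200–0x800), after which any offset of at least 0x200 passes and the memcpy reads past the end of CartROM. Comparing the banner size against the ROM size before subtracting avoids the wrap: `if (Header.BannerOffset >= 0x200 && bannersize <= CartROMSize && Header.BannerOffset <= CartROMSize - bannersize)`. The `<=` in that form also accepts a banner that ends exactly at the end of the ROM, which the current `<` rejects. Since both UnitCode and BannerOffset come from the untrusted header, this comparison is the only thing keeping the DSi-sized copy inside the buffer, so a one-line comment such as `// banner size is chosen from the untrusted UnitCode; keep the copy inside CartROM` would help the next reader. LoadROM's body starts and ends outside these hunks.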