From 5ef12bcea9f9eafd7cfa6aeb0d076097d58b012a Mon Sep 17 00:00:00 2001 From: dborth Date: Mon, 5 Jan 2009 22:21:27 +0000 Subject: [PATCH] code cleanup - fix memory leaks, buffer overflows, etc. --- source/ngc/dvd.c | 21 +++-- source/ngc/fceustate.c | 24 +++--- source/ngc/fileop.c | 15 ++-- source/ngc/gcunzip.c | 9 ++- source/ngc/networkop.c | 65 ++++++++------- source/ngc/preferences.c | 167 ++++++++++++++++++++++----------------- 6 files changed, 176 insertions(+), 125 deletions(-) diff --git a/source/ngc/dvd.c b/source/ngc/dvd.c index 1a2dfc1..eb003ab 100644 --- a/source/ngc/dvd.c +++ b/source/ngc/dvd.c @@ -370,7 +370,7 @@ getentry (int entrycount, unsigned char dvdbuffer[]) if (entrycount >= MAXDVDFILES) return 0; - if (diroffset >= 2048) + if (diroffset >= 2048 || diroffset < 0) return 0; /** Decode this entry **/ @@ -384,7 +384,7 @@ getentry (int entrycount, unsigned char dvdbuffer[]) /* Check for wrap round - illegal in ISO spec, * but certain crap writers do it! */ - if ((diroffset + dvdbuffer[diroffset]) > 2048) + if ((diroffset + dvdbuffer[diroffset]) > 2048 || (diroffset + dvdbuffer[diroffset]) < 0) return 0; if (*filenamelength) @@ -392,7 +392,9 @@ getentry (int entrycount, unsigned char dvdbuffer[]) memset (&fname, 0, 512); if (!IsJoliet) /*** Do ISO 9660 first ***/ - strcpy (fname, filename); + { + strncpy (fname, filename, 512); + } else { /*** The more tortuous unicode joliet entries ***/ for (j = 0; j < (*filenamelength >> 1); j++) @@ -437,17 +439,22 @@ getentry (int entrycount, unsigned char dvdbuffer[]) if (rr != NULL) *rr = 0; - browserList = (BROWSERENTRY *)realloc(browserList, (entrycount+1) * sizeof(BROWSERENTRY)); - if(!browserList) // failed to allocate required memory + BROWSERENTRY * newBrowserList = (BROWSERENTRY *)realloc(browserList, (entrycount+1) * sizeof(BROWSERENTRY)); + if(!newBrowserList) // failed to allocate required memory { + ResetBrowser(); WaitPrompt("Out of memory: too many files!"); return 0; } + else + { + browserList = newBrowserList; + } memset(&(browserList[entrycount]), 0, sizeof(BROWSERENTRY)); // clear the new entry - strcpy (browserList[entrycount].filename, fname); + strncpy (browserList[entrycount].filename, fname, MAXJOLIET); StripExt(tmpname, fname); // hide file extension - strcpy (browserList[entrycount].displayname, tmpname); + strncpy (browserList[entrycount].displayname, tmpname, MAXDISPLAY); memcpy (&offset32, &dvdbuffer[diroffset + EXTENT], 4); diff --git a/source/ngc/fceustate.c b/source/ngc/fceustate.c index 30c8afb..ee3fcea 100644 --- a/source/ngc/fceustate.c +++ b/source/ngc/fceustate.c @@ -48,12 +48,10 @@ extern u32 iNESGameCRC32; #define RLSB 0x80000000 -static int sboffset; /*** Used as a basic fileptr ***/ -static int mcversion = 0x981211; - /**************************************************************************** * Memory based file functions ****************************************************************************/ +static int sboffset; // Used as a basic fileptr /*** Open a file ***/ static void memopen() @@ -62,23 +60,26 @@ static void memopen() } /*** Write to the file ***/ -static void memfwrite( void *buffer, int len ) { - if ( (sboffset + len ) > SAVEBUFFERSIZE) +static void memfwrite(void *buffer, int len) +{ + if ((sboffset + len) > SAVEBUFFERSIZE) WaitPrompt("Buffer Exceeded"); - if ( len > 0 ) { - memcpy(&savebuffer[sboffset], buffer, len ); + if (len > 0) + { + memcpy(&savebuffer[sboffset], buffer, len); sboffset += len; } } /*** Read from a file ***/ -static void memfread( void *buffer, int len ) { - - if ( ( sboffset + len ) > SAVEBUFFERSIZE) +static void memfread(void *buffer, int len) +{ + if ( (sboffset + len) > SAVEBUFFERSIZE) WaitPrompt("Buffer exceeded"); - if ( len > 0 ) { + if (len > 0) + { memcpy(buffer, &savebuffer[sboffset], len); sboffset += len; } @@ -279,6 +280,7 @@ static int GCFCEUSS_Save(int method) } // Add version ID + int mcversion = 0x981211; memcpy(&header[8], &mcversion, 4); // Do internal Saving diff --git a/source/ngc/fileop.c b/source/ngc/fileop.c index 31eb515..793ba7a 100644 --- a/source/ngc/fileop.c +++ b/source/ngc/fileop.c @@ -276,13 +276,13 @@ ParseDirectory() WaitPrompt(msg); // if we can't open the dir, open root dir - sprintf(fulldir,"%s",rootdir); + sprintf(browser.dir,"/"); - dir = diropen(browser.dir); + dir = diropen(rootdir); if (dir == NULL) { - sprintf(msg, "Error opening %s", fulldir); + sprintf(msg, "Error opening %s", rootdir); WaitPrompt(msg); return 0; } @@ -295,14 +295,19 @@ ParseDirectory() { if(strcmp(filename,".") != 0) { - browserList = (BROWSERENTRY *)realloc(browserList, (entryNum+1) * sizeof(BROWSERENTRY)); + BROWSERENTRY * newBrowserList = (BROWSERENTRY *)realloc(browserList, (entryNum+1) * sizeof(BROWSERENTRY)); - if(!browserList) // failed to allocate required memory + if(!newBrowserList) // failed to allocate required memory { + ResetBrowser(); WaitPrompt("Out of memory: too many files!"); entryNum = 0; break; } + else + { + browserList = newBrowserList; + } memset(&(browserList[entryNum]), 0, sizeof(BROWSERENTRY)); // clear the new entry strncpy(browserList[entryNum].filename, filename, MAXJOLIET); diff --git a/source/ngc/gcunzip.c b/source/ngc/gcunzip.c index a1476e7..4ca64d7 100644 --- a/source/ngc/gcunzip.c +++ b/source/ngc/gcunzip.c @@ -465,14 +465,19 @@ int SzParse(char * filepath, int method) if (SzF->IsDirectory) continue; - browserList = (BROWSERENTRY *)realloc(browserList, (SzJ+1) * sizeof(BROWSERENTRY)); + BROWSERENTRY * newBrowserList = (BROWSERENTRY *)realloc(browserList, (SzJ+1) * sizeof(BROWSERENTRY)); - if(!browserList) // failed to allocate required memory + if(!newBrowserList) // failed to allocate required memory { + ResetBrowser(); WaitPrompt("Out of memory: too many files!"); nbfiles = 0; break; } + else + { + browserList = newBrowserList; + } memset(&(browserList[SzJ]), 0, sizeof(BROWSERENTRY)); // clear the new entry // parse information about this file to the dvd file list structure diff --git a/source/ngc/networkop.c b/source/ngc/networkop.c index d2e5cba..b0c1b6a 100644 --- a/source/ngc/networkop.c +++ b/source/ngc/networkop.c @@ -45,8 +45,9 @@ void UpdateCheck() snprintf(url, 128, "http://fceugc.googlecode.com/svn/trunk/update.xml"); - AllocSaveBuffer (); - retval = http_request(url, NULL, (u8 *)savebuffer, SAVEBUFFERSIZE); + u8 * tmpbuffer = (u8 *)malloc(32768); + memset(tmpbuffer, 0, 32768); + retval = http_request(url, NULL, tmpbuffer, 32768); memset(url, 0, 128); if (retval) @@ -54,39 +55,47 @@ void UpdateCheck() mxml_node_t *xml; mxml_node_t *item; - xml = mxmlLoadString(NULL, (char *)savebuffer, MXML_TEXT_CALLBACK); + xml = mxmlLoadString(NULL, (char *)tmpbuffer, MXML_TEXT_CALLBACK); - // check settings version - item = mxmlFindElement(xml, xml, "app", "version", NULL, MXML_DESCEND); - if(item) // a version entry exists + if(xml) { - char * version = (char *)mxmlElementGetAttr(item, "version"); - - int verMajor = version[0] - '0'; - int verMinor = version[2] - '0'; - int verPoint = version[4] - '0'; - int curMajor = APPVERSION[0] - '0'; - int curMinor = APPVERSION[2] - '0'; - int curPoint = APPVERSION[4] - '0'; - - // check that the versioning is valid and is a newer version - if((verMajor >= 0 && verMajor <= 9 && - verMinor >= 0 && verMinor <= 9 && - verPoint >= 0 && verPoint <= 9) && - (verMajor > curMajor || - verMinor > curMinor || - verPoint > curPoint)) + // check settings version + item = mxmlFindElement(xml, xml, "app", "version", NULL, MXML_DESCEND); + if(item) // a version entry exists { - item = mxmlFindElement(xml, xml, "file", NULL, NULL, MXML_DESCEND); - if(item) + const char * version = (char *)mxmlElementGetAttr(item, "version"); + + int verMajor = version[0] - '0'; + int verMinor = version[2] - '0'; + int verPoint = version[4] - '0'; + int curMajor = APPVERSION[0] - '0'; + int curMinor = APPVERSION[2] - '0'; + int curPoint = APPVERSION[4] - '0'; + + // check that the versioning is valid and is a newer version + if((verMajor >= 0 && verMajor <= 9 && + verMinor >= 0 && verMinor <= 9 && + verPoint >= 0 && verPoint <= 9) && + (verMajor > curMajor || + verMinor > curMinor || + verPoint > curPoint)) { - snprintf(updateURL, 128, "%s", mxmlElementGetAttr(item, "url")); - updateFound = true; + item = mxmlFindElement(xml, xml, "file", NULL, NULL, MXML_DESCEND); + if(item) + { + const char * tmp = mxmlElementGetAttr(item, "url"); + if(tmp) + { + snprintf(updateURL, 128, "%s", tmp); + updateFound = true; + } + } } } + mxmlDelete(xml); } } - FreeSaveBuffer(); + free(tmpbuffer); } } @@ -129,7 +138,7 @@ bool DownloadUpdate() retval = http_request(updateURL, hfile, NULL, (1024*1024*5)); fclose (hfile); } - ShowAction("Unzipping..."); + ShowAction("Installing..."); bool unzipResult = unzipArchive(updateFile, (char *)"sd:/"); remove(updateFile); // delete update file diff --git a/source/ngc/preferences.c b/source/ngc/preferences.c index 2026f0e..e0981fd 100644 --- a/source/ngc/preferences.c +++ b/source/ngc/preferences.c @@ -23,18 +23,16 @@ extern const unsigned short saveicon[1024]; -static char prefscomment[2][32]; - /**************************************************************************** * Prepare Preferences Data * * This sets up the save buffer for saving. ****************************************************************************/ -static mxml_node_t *xml; -static mxml_node_t *data; -static mxml_node_t *section; -static mxml_node_t *item; -static mxml_node_t *elem; +static mxml_node_t *xml = NULL; +static mxml_node_t *data = NULL; +static mxml_node_t *section = NULL; +static mxml_node_t *item = NULL; +static mxml_node_t *elem = NULL; static char temp[200]; @@ -112,7 +110,6 @@ static int preparePrefsData (int method) { int offset = 0; - memset (savebuffer, 0, SAVEBUFFERSIZE); // add save icon and comments for Memory Card saves if(method == METHOD_MC_SLOTA || method == METHOD_MC_SLOTB) @@ -123,6 +120,8 @@ preparePrefsData (int method) memcpy (savebuffer, saveicon, offset); // And the comments + char prefscomment[2][32]; + memset(prefscomment, 0, 64); sprintf (prefscomment[0], "%s Prefs", APPNAME); sprintf (prefscomment[1], "Preferences"); memcpy (savebuffer + offset, prefscomment, 64); @@ -189,19 +188,31 @@ static void loadXMLSettingStr(char * var, const char * name, int maxsize) { item = mxmlFindElement(xml, xml, "setting", "name", name, MXML_DESCEND); if(item) - snprintf(var, maxsize, "%s", mxmlElementGetAttr(item, "value")); + { + const char * tmp = mxmlElementGetAttr(item, "value"); + if(tmp) + snprintf(var, maxsize, "%s", tmp); + } } static void loadXMLSettingInt(int * var, const char * name) { item = mxmlFindElement(xml, xml, "setting", "name", name, MXML_DESCEND); if(item) - *var = atoi(mxmlElementGetAttr(item, "value")); + { + const char * tmp = mxmlElementGetAttr(item, "value"); + if(tmp) + *var = atoi(tmp); + } } static void loadXMLSettingFloat(float * var, const char * name) { item = mxmlFindElement(xml, xml, "setting", "name", name, MXML_DESCEND); if(item) - *var = atof(mxmlElementGetAttr(item, "value")); + { + const char * tmp = mxmlElementGetAttr(item, "value"); + if(tmp) + *var = atof(tmp); + } } static void loadXMLController(unsigned int controller[], const char * name) @@ -217,7 +228,11 @@ static void loadXMLController(unsigned int controller[], const char * name) { elem = mxmlFindElement(item, xml, "button", "number", toStr(i), MXML_DESCEND); if(elem) - controller[i] = atoi(mxmlElementGetAttr(elem, "assignment")); + { + const char * tmp = mxmlElementGetAttr(elem, "assignment"); + if(tmp) + controller[i] = atoi(tmp); + } } } } @@ -225,6 +240,7 @@ static void loadXMLController(unsigned int controller[], const char * name) static bool decodePrefsData (int method) { + bool result = false; int offset = 0; // skip save icon and comments for Memory Card saves @@ -236,77 +252,84 @@ decodePrefsData (int method) xml = mxmlLoadString(NULL, (char *)savebuffer+offset, MXML_TEXT_CALLBACK); - // check settings version - // we don't do anything with the version #, but we'll store it anyway - char * version; - item = mxmlFindElement(xml, xml, "file", "version", NULL, MXML_DESCEND); - if(item) // a version entry exists - version = (char *)mxmlElementGetAttr(item, "version"); - else // version # not found, must be invalid - return false; + if(xml) + { + // check settings version + item = mxmlFindElement(xml, xml, "file", "version", NULL, MXML_DESCEND); + if(item) // a version entry exists + { + const char * version = (char *)mxmlElementGetAttr(item, "version"); - // this code assumes version in format X.X.X - // XX.X.X, X.XX.X, or X.X.XX will NOT work - int verMajor = version[0] - '0'; - int verMinor = version[2] - '0'; - int verPoint = version[4] - '0'; - int curMajor = APPVERSION[0] - '0'; - int curMinor = APPVERSION[2] - '0'; - int curPoint = APPVERSION[4] - '0'; + if(version) + { + // this code assumes version in format X.X.X + // XX.X.X, X.XX.X, or X.X.XX will NOT work + int verMajor = version[0] - '0'; + int verMinor = version[2] - '0'; + int verPoint = version[4] - '0'; + int curMajor = APPVERSION[0] - '0'; + int curMinor = APPVERSION[2] - '0'; + int curPoint = APPVERSION[4] - '0'; - // first we'll check that the versioning is valid - if(!(verMajor >= 0 && verMajor <= 9 && - verMinor >= 0 && verMinor <= 9 && - verPoint >= 0 && verPoint <= 9)) - return false; + // first we'll check that the versioning is valid + if(!(verMajor >= 0 && verMajor <= 9 && + verMinor >= 0 && verMinor <= 9 && + verPoint >= 0 && verPoint <= 9)) + result = false; + else if(verMajor == 2 && verPoint < 7) // less than version 2.0.7 + result = false; // reset settings + else if(verMajor > curMajor || verMinor > curMinor || verPoint > curPoint) // some future version + result = false; // reset settings + else + result = true; + } + } - if(verMajor == 2 && verPoint < 7) // less than version 2.0.7 - return false; // reset settings - else if(verMajor > curMajor || verMinor > curMinor || verPoint > curPoint) // some future version - return false; // reset settings + if(result) + { + // File Settings - // File Settings + loadXMLSettingInt(&GCSettings.AutoLoad, "AutoLoad"); + loadXMLSettingInt(&GCSettings.AutoSave, "AutoSave"); + loadXMLSettingInt(&GCSettings.LoadMethod, "LoadMethod"); + loadXMLSettingInt(&GCSettings.SaveMethod, "SaveMethod"); + loadXMLSettingStr(GCSettings.LoadFolder, "LoadFolder", sizeof(GCSettings.LoadFolder)); + loadXMLSettingStr(GCSettings.SaveFolder, "SaveFolder", sizeof(GCSettings.SaveFolder)); + //loadXMLSettingStr(GCSettings.CheatFolder, "CheatFolder", sizeof(GCSettings.CheatFolder)); + loadXMLSettingInt(&GCSettings.VerifySaves, "VerifySaves"); - loadXMLSettingInt(&GCSettings.AutoLoad, "AutoLoad"); - loadXMLSettingInt(&GCSettings.AutoSave, "AutoSave"); - loadXMLSettingInt(&GCSettings.LoadMethod, "LoadMethod"); - loadXMLSettingInt(&GCSettings.SaveMethod, "SaveMethod"); - loadXMLSettingStr(GCSettings.LoadFolder, "LoadFolder", sizeof(GCSettings.LoadFolder)); - loadXMLSettingStr(GCSettings.SaveFolder, "SaveFolder", sizeof(GCSettings.SaveFolder)); - //loadXMLSettingStr(GCSettings.CheatFolder, "CheatFolder", sizeof(GCSettings.CheatFolder)); - loadXMLSettingInt(&GCSettings.VerifySaves, "VerifySaves"); + // Network Settings - // Network Settings + loadXMLSettingStr(GCSettings.smbip, "smbip", sizeof(GCSettings.smbip)); + loadXMLSettingStr(GCSettings.smbshare, "smbshare", sizeof(GCSettings.smbshare)); + loadXMLSettingStr(GCSettings.smbuser, "smbuser", sizeof(GCSettings.smbuser)); + loadXMLSettingStr(GCSettings.smbpwd, "smbpwd", sizeof(GCSettings.smbpwd)); - loadXMLSettingStr(GCSettings.smbip, "smbip", sizeof(GCSettings.smbip)); - loadXMLSettingStr(GCSettings.smbshare, "smbshare", sizeof(GCSettings.smbshare)); - loadXMLSettingStr(GCSettings.smbuser, "smbuser", sizeof(GCSettings.smbuser)); - loadXMLSettingStr(GCSettings.smbpwd, "smbpwd", sizeof(GCSettings.smbpwd)); + // Emulation Settings - // Emulation Settings + loadXMLSettingInt(&GCSettings.currpal, "currpal"); + loadXMLSettingInt(&GCSettings.timing, "timing"); + loadXMLSettingInt(&GCSettings.slimit, "slimit"); + loadXMLSettingInt(&GCSettings.Zoom, "Zoom"); + loadXMLSettingFloat(&GCSettings.ZoomLevel, "ZoomLevel"); + loadXMLSettingInt(&GCSettings.render, "render"); + loadXMLSettingInt(&GCSettings.widescreen, "widescreen"); + loadXMLSettingInt(&GCSettings.hideoverscan, "hideoverscan"); - loadXMLSettingInt(&GCSettings.currpal, "currpal"); - loadXMLSettingInt(&GCSettings.timing, "timing"); - loadXMLSettingInt(&GCSettings.slimit, "slimit"); - loadXMLSettingInt(&GCSettings.Zoom, "Zoom"); - loadXMLSettingFloat(&GCSettings.ZoomLevel, "ZoomLevel"); - loadXMLSettingInt(&GCSettings.render, "render"); - loadXMLSettingInt(&GCSettings.widescreen, "widescreen"); - loadXMLSettingInt(&GCSettings.hideoverscan, "hideoverscan"); + // Controller Settings + loadXMLSettingInt(&GCSettings.FourScore, "FSDisable"); + loadXMLSettingInt(&GCSettings.zapper, "zapper"); + loadXMLSettingInt(&GCSettings.crosshair, "crosshair"); - // Controller Settings - loadXMLSettingInt(&GCSettings.FourScore, "FSDisable"); - loadXMLSettingInt(&GCSettings.zapper, "zapper"); - loadXMLSettingInt(&GCSettings.crosshair, "crosshair"); + loadXMLController(gcpadmap, "gcpadmap"); + loadXMLController(wmpadmap, "wmpadmap"); + loadXMLController(ccpadmap, "ccpadmap"); + loadXMLController(ncpadmap, "ncpadmap"); + } + mxmlDelete(xml); + } - loadXMLController(gcpadmap, "gcpadmap"); - loadXMLController(wmpadmap, "wmpadmap"); - loadXMLController(ccpadmap, "ccpadmap"); - loadXMLController(ncpadmap, "ncpadmap"); - - mxmlDelete(xml); - - return true; + return result; } /****************************************************************************