From 99498882a569ab8684e91953ae4c75040912250f Mon Sep 17 00:00:00 2001
From: Daryl Borth
Date: Mon, 27 Aug 2018 09:25:53 -0600
Subject: [PATCH] prevent overrunning the file buffer (eg: loading a game cover image that's too big)
---
 source/fceugx.cpp | 16 ++++++++--------
 source/fileop.cpp | 14 +++++++++++++-
 source/fileop.h | 2 +-
 3 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/source/fceugx.cpp b/source/fceugx.cpp
index e2439c3..1dfc429 100644
--- a/source/fceugx.cpp
+++ b/source/fceugx.cpp
@@ -410,19 +410,19 @@ int main(int argc, char *argv[])
 InitialiseAudio();
 InitFreeType((u8*)font_ttf, font_ttf_size); // Initialize font system
 #ifdef USE_VM
+ savebuffer = (unsigned char *)vm_malloc(SAVEBUFFERSIZE);
+ browserList = (BROWSERENTRY *)vm_malloc(sizeof(BROWSERENTRY)*MAX_BROWSER_SIZE);
 gameScreenPng = (u8 *)vm_malloc(512*1024);
+ nesrom = (unsigned char *)vm_malloc(1024*1024*4);
 #else
- gameScreenPng = (u8 *)malloc(512*1024);
+ savebuffer = (unsigned char *)memalign(32,SAVEBUFFERSIZE);
+ browserList = (BROWSERENTRY *)memalign(32,sizeof(BROWSERENTRY)*MAX_BROWSER_SIZE);
+ gameScreenPng = (u8 *)memalign(32,512*1024);
+ nesrom = (unsigned char *)memalign(32,1024*1024*4);
 #endif
- browserList = (BROWSERENTRY *)malloc(sizeof(BROWSERENTRY)*MAX_BROWSER_SIZE);
+
 InitGUIThreads();
- // allocate memory to store rom
-#ifdef USE_VM
- nesrom = (unsigned char *)vm_malloc(1024*1024*4); // 4 MB should be plenty
-#else
- nesrom = (unsigned char *)memalign(32,1024*1024*4); // 4 MB should be plenty
-#endif
 /*** Minimal Emulation Loop ***/
 if (!FCEUI_Initialize()) ExitApp();
diff --git a/source/fileop.cpp b/source/fileop.cpp
index 3222dde..345c82f 100644
--- a/source/fileop.cpp
+++ b/source/fileop.cpp
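Review bot: None of the four allocations in this hunk is checked for NULL, and `savebuffer` is the one that matters most: it was a fixed static array before this commit and can now be NULL after a failed `vm_malloc`/`memalign`, yet `LoadFile(char *, bool)` in fileop.cpp passes it straight down as the destination buffer, so a failed allocation presumably turns into a write through NULL the first time a file is loaded. The hunk already has an early-exit path for `FCEUI_Initialize()`, so one line after the `#endif` closes the gap: `if (!savebuffer || !browserList || !gameScreenPng || !nesrom) ExitApp();`. The removed `// 4 MB should be plenty` / `// allocate memory to store rom` comments were the only documentation of these sizes; a short comment on the new block, e.g. `// fixed-size work buffers; LoadFile() bounds reads to SAVEBUFFERSIZE`, would keep that knowledge next to the numbers. main() starts before and continues after this hunk.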
@@ -37,7 +37,7 @@
 #define THREAD_SLEEP 100
-unsigned char savebuffer[SAVEBUFFERSIZE] ATTRIBUTE_ALIGN(32);
+unsigned char *savebuffer = NULL;
 static mutex_t bufferLock = LWP_MUTEX_NULL;
 FILE * file; // file pointer - the only one we should ever use!
 bool unmountRequired[7] = { false, false, false, false, false, false, false };
@@ -863,6 +863,18 @@ LoadFile (char * rbuffer, char *filepath, size_t length, bool silent)
 size_t LoadFile(char * filepath, bool silent)
 {
+ struct stat filestat;
+
+ if(stat(filepath, &filestat) != 0) {
+ return 0;
+ }
+
+ int size = filestat.st_size;
+
+ if(size >= SAVEBUFFERSIZE) {
+ return 0;
+ }
+
 return LoadFile((char *)savebuffer, filepath, 0, silent);
 }
diff --git a/source/fileop.h b/source/fileop.h
index 2ef6174..72c7287 100644
--- a/source/fileop.h
+++ b/source/fileop.h
@@ -41,7 +41,7 @@ size_t LoadSzFile(char * filepath, unsigned char * rbuffer);
 size_t SaveFile(char * buffer, char *filepath, size_t datasize, bool silent);
 size_t SaveFile(char * filepath, size_t datasize, bool silent);
-extern unsigned char savebuffer[];
+extern unsigned char *savebuffer;
 extern FILE * file;
 extern bool unmountRequired[];
 extern bool isMounted[];
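Review bot: `int size = filestat.st_size;` in the LoadFile hunk narrows `off_t` to `int`, so a file of 2 GiB or more can become a negative value that passes `size >= SAVEBUFFERSIZE` and reaches exactly the oversized read this commit is meant to stop; keep the wider type and reject negatives: `off_t size = filestat.st_size;` / `if (size < 0 || size >= SAVEBUFFERSIZE) return 0;`. A size taken from `stat()` is also only a snapshot — the file can change between the check and the read — so the durable bound belongs in the three-argument `LoadFile` that does the copy (its `length` parameter is passed as 0 here; whether 0 means "no limit" is not visible in this hunk and is worth confirming). The `>=` rejects a file of exactly SAVEBUFFERSIZE bytes, which is only right if the loader appends a terminator, so a one-line comment such as `// >= leaves room for a trailing NUL written by the loader — confirm` would stop the next reader from "fixing" it to `>`. The three-argument `LoadFile` referenced here is defined before this hunk.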