code cleanup - fix memory leaks, buffer overflows, etc.

2024-11-01 00:15:14 +01:00 · 2009-01-05 22:23:41 +00:00 · 2009-01-05 22:23:41 +00:00 · 808717585f
commit 808717585f
parent 2a40be8d1b
8 changed files with 149 additions and 100 deletions
--- a/source/ngc/dvd.cpp
+++ b/source/ngc/dvd.cpp
@ -374,7 +374,7 @@ getentry (int entrycount, unsigned char dvdbuffer[])
 	if (entrycount >= MAXDVDFILES)
 		return 0;
-	if (diroffset >= 2048)
+	if (diroffset >= 2048 || diroffset < 0)
 		return 0;
 	/** Decode this entry **/
@ -388,7 +388,7 @@ getentry (int entrycount, unsigned char dvdbuffer[])
 		/* Check for wrap round - illegal in ISO spec,
 		* but certain crap writers do it! */
-		if ((diroffset + dvdbuffer[diroffset]) > 2048)
+		if ((diroffset + dvdbuffer[diroffset]) > 2048 || (diroffset + dvdbuffer[diroffset]) < 0)
 			return 0;
 		if (*filenamelength)
@ -396,7 +396,9 @@ getentry (int entrycount, unsigned char dvdbuffer[])
 			memset (&fname, 0, 512);
 			if (!IsJoliet)			/*** Do ISO 9660 first ***/
-				strcpy (fname, filename);
+			{
 				strncpy (fname, filename, 512);
 			}
 			else
 			{			/*** The more tortuous unicode joliet entries ***/
 				for (j = 0; j < (*filenamelength >> 1); j++)
@ -441,17 +443,22 @@ getentry (int entrycount, unsigned char dvdbuffer[])
 			if (rr != NULL)
 				*rr = 0;
-			browserList = (BROWSERENTRY *)realloc(browserList, (entrycount+1) * sizeof(BROWSERENTRY));
+			BROWSERENTRY * newBrowserList = (BROWSERENTRY *)realloc(browserList, (entrycount+1) * sizeof(BROWSERENTRY));
-			if(!browserList) // failed to allocate required memory
+			if(!newBrowserList) // failed to allocate required memory
 			{
 				ResetBrowser();
 				WaitPrompt("Out of memory: too many files!");
 				return 0;
 			}
 			else
 			{
 				browserList = newBrowserList;
 			}
 			memset(&(browserList[entrycount]), 0, sizeof(BROWSERENTRY)); // clear the new entry
-			strcpy (browserList[entrycount].filename, fname);
+			strncpy (browserList[entrycount].filename, fname, MAXJOLIET);
 			StripExt(tmpname, fname); // hide file extension
-			strcpy (browserList[entrycount].displayname, tmpname);
+			strncpy (browserList[entrycount].displayname, tmpname, MAXDISPLAY);
 			memcpy (&offset32, &dvdbuffer[diroffset + EXTENT], 4);
--- a/source/ngc/fileop.cpp
+++ b/source/ngc/fileop.cpp
@ -279,13 +279,13 @@ ParseDirectory()
 		WaitPrompt(msg);
 		// if we can't open the dir, open root dir
-		sprintf(fulldir,"%s",rootdir);
+		sprintf(browser.dir,"/");
-		dir = diropen(browser.dir);
+		dir = diropen(rootdir);
 		if (dir == NULL)
 		{
-			sprintf(msg, "Error opening %s", fulldir);
+			sprintf(msg, "Error opening %s", rootdir);
 			WaitPrompt(msg);
 			return 0;
 		}
@ -298,14 +298,19 @@ ParseDirectory()
 	{
 		if(strcmp(filename,".") != 0)
 		{
-			browserList = (BROWSERENTRY *)realloc(browserList, (entryNum+1) * sizeof(BROWSERENTRY));
+			BROWSERENTRY * newBrowserList = (BROWSERENTRY *)realloc(browserList, (entryNum+1) * sizeof(BROWSERENTRY));
-			if(!browserList) // failed to allocate required memory
+			if(!newBrowserList) // failed to allocate required memory
 			{
 				ResetBrowser();
 				WaitPrompt("Out of memory: too many files!");
 				entryNum = 0;
 				break;
 			}
 			else
 			{
 				browserList = newBrowserList;
 			}
 			memset(&(browserList[entryNum]), 0, sizeof(BROWSERENTRY)); // clear the new entry
 			strncpy(browserList[entryNum].filename, filename, MAXJOLIET);
--- a/source/ngc/freeze.cpp
+++ b/source/ngc/freeze.cpp
@ -38,7 +38,6 @@ extern void NGCFreezeStruct ();
 extern bool8 S9xUnfreezeGame (const char *filename);
 static int bufoffset;
 static char freezecomment[2][32];
 /****************************************************************************
 * GetMem
@ -150,6 +149,7 @@ NGCFreezeGame (int method, bool silent)
 		memcpy (savebuffer, saveicon, woffset);
 		// And the freezecomment
 		char freezecomment[2][32];
 		memset(freezecomment, 0, 64);
 		sprintf (freezecomment[0], "%s Freeze", APPVERSION);
--- a/source/ngc/gcunzip.cpp
+++ b/source/ngc/gcunzip.cpp
@ -470,14 +470,19 @@ int SzParse(char * filepath, int method)
 				if (SzF->IsDirectory)
 					continue;
-				browserList = (BROWSERENTRY *)realloc(browserList, (SzJ+1) * sizeof(BROWSERENTRY));
+				BROWSERENTRY * newBrowserList = (BROWSERENTRY *)realloc(browserList, (SzJ+1) * sizeof(BROWSERENTRY));
-				if(!browserList) // failed to allocate required memory
+				if(!newBrowserList) // failed to allocate required memory
 				{
 					ResetBrowser();
 					WaitPrompt("Out of memory: too many files!");
 					nbfiles = 0;
 					break;
 				}
 				else
 				{
 					browserList = newBrowserList;
 				}
 				memset(&(browserList[SzJ]), 0, sizeof(BROWSERENTRY)); // clear the new entry
 				// parse information about this file to the dvd file list structure
--- a/source/ngc/networkop.cpp
+++ b/source/ngc/networkop.cpp
@ -44,8 +44,9 @@ void UpdateCheck()
 		snprintf(url, 128, "http://snes9x-gx.googlecode.com/svn/trunk/update.xml");
-		AllocSaveBuffer ();
+		u8 * tmpbuffer = (u8 *)malloc(32768);
-		retval = http_request(url, NULL, (u8 *)savebuffer, SAVEBUFFERSIZE);
+		memset(tmpbuffer, 0, 32768);
 		retval = http_request(url, NULL, tmpbuffer, 32768);
 		memset(url, 0, 128);
 		if (retval)
@ -53,15 +54,18 @@ void UpdateCheck()
 			mxml_node_t *xml;
 			mxml_node_t *item;
-			xml = mxmlLoadString(NULL, (char *)savebuffer, MXML_TEXT_CALLBACK);
+			xml = mxmlLoadString(NULL, (char *)tmpbuffer, MXML_TEXT_CALLBACK);
 			if(xml)
 			{
 				// check settings version
 			char * versionstr;
 				item = mxmlFindElement(xml, xml, "app", "version", NULL, MXML_DESCEND);
 				if(item) // a version entry exists
 				{
-				versionstr = (char *)mxmlElementGetAttr(item, "version");
+					const char * versionstr = mxmlElementGetAttr(item, "version");
 					if(versionstr)
 					{
 						int version = atoi(versionstr);
 						int currVersion = atoi(APPVERSION);
@ -76,7 +80,10 @@ void UpdateCheck()
 						}
 					}
 				}
-		FreeSaveBuffer();
+				mxmlDelete(xml);
 			}
 		}
 		free(tmpbuffer);
 	}
 }
@ -119,7 +126,7 @@ bool DownloadUpdate()
 			retval = http_request(updateURL, hfile, NULL, (1024*1024*5));
 			fclose (hfile);
 		}
-		ShowAction("Unzipping...");
+		ShowAction("Installing...");
 		bool unzipResult = unzipArchive(updateFile, (char *)"sd:/");
 		remove(updateFile); // delete update file
--- a/source/ngc/preferences.cpp
+++ b/source/ngc/preferences.cpp
@ -22,18 +22,16 @@
 #include "filesel.h"
 #include "input.h"
 static char prefscomment[2][32];
 /****************************************************************************
 * Prepare Preferences Data
 *
 * This sets up the save buffer for saving.
 ***************************************************************************/
-static mxml_node_t *xml;
+static mxml_node_t *xml = NULL;
-static mxml_node_t *data;
+static mxml_node_t *data = NULL;
-static mxml_node_t *section;
+static mxml_node_t *section = NULL;
-static mxml_node_t *item;
+static mxml_node_t *item = NULL;
-static mxml_node_t *elem;
+static mxml_node_t *elem = NULL;
 static char temp[20];
@ -120,6 +118,7 @@ preparePrefsData (int method)
 		memcpy (savebuffer, saveicon, offset);
 		// And the comments
 		char prefscomment[2][32];
 		memset(prefscomment, 0, 64);
 		sprintf (prefscomment[0], "%s Prefs", APPNAME);
 		sprintf (prefscomment[1], "Preferences");
@ -191,25 +190,41 @@ static void loadXMLSetting(char * var, const char * name, int maxsize)
 {
 	item = mxmlFindElement(xml, xml, "setting", "name", name, MXML_DESCEND);
 	if(item)
-		snprintf(var, maxsize, "%s", mxmlElementGetAttr(item, "value"));
+	{
 		const char * tmp = mxmlElementGetAttr(item, "value");
 		if(tmp)
 			snprintf(var, maxsize, "%s", tmp);
 	}
 }
 static void loadXMLSetting(int * var, const char * name)
 {
 	item = mxmlFindElement(xml, xml, "setting", "name", name, MXML_DESCEND);
 	if(item)
-		*var = atoi(mxmlElementGetAttr(item, "value"));
+	{
 		const char * tmp = mxmlElementGetAttr(item, "value");
 		if(tmp)
 			*var = atoi(tmp);
 	}
 }
 static void loadXMLSetting(float * var, const char * name)
 {
 	item = mxmlFindElement(xml, xml, "setting", "name", name, MXML_DESCEND);
 	if(item)
-		*var = atof(mxmlElementGetAttr(item, "value"));
+	{
 		const char * tmp = mxmlElementGetAttr(item, "value");
 		if(tmp)
 			*var = atof(tmp);
 	}
 }
 static void loadXMLSetting(bool8 * var, const char * name)
 {
 	item = mxmlFindElement(xml, xml, "setting", "name", name, MXML_DESCEND);
 	if(item)
-		*var = atoi(mxmlElementGetAttr(item, "value"));
+	{
 		const char * tmp = mxmlElementGetAttr(item, "value");
 		if(tmp)
 			*var = atoi(tmp);
 	}
 }
 /****************************************************************************
@ -229,7 +244,11 @@ static void loadXMLController(unsigned int controller[], const char * name)
 		{
 			elem = mxmlFindElement(item, xml, "button", "number", toStr(i), MXML_DESCEND);
 			if(elem)
-				controller[i] = atoi(mxmlElementGetAttr(elem, "assignment"));
+			{
 				const char * tmp = mxmlElementGetAttr(elem, "assignment");
 				if(tmp)
 					controller[i] = atoi(tmp);
 			}
 		}
 	}
 }
@ -243,26 +262,35 @@ static void loadXMLController(unsigned int controller[], const char * name)
 static bool
 decodePrefsData (int method)
 {
 	bool result = false;
 	int offset = 0;
 	// skip save icon and comments for Memory Card saves
 	if(method == METHOD_MC_SLOTA || method == METHOD_MC_SLOTB)
 	{
 		offset = sizeof (saveicon);
-		offset += 64; // sizeof prefscomment
+		offset += 64; // sizeof comment
 	}
 	xml = mxmlLoadString(NULL, (char *)savebuffer+offset, MXML_TEXT_CALLBACK);
 	if(xml)
 	{
 		// check settings version
 		// we don't do anything with the version #, but we'll store it anyway
 	char * version;
 		item = mxmlFindElement(xml, xml, "file", "version", NULL, MXML_DESCEND);
 		if(item) // a version entry exists
-		version = (char *)mxmlElementGetAttr(item, "version");
+		{
-	else // version # not found, must be invalid
+			const char * version = mxmlElementGetAttr(item, "version");
 		return false;
 			if(version)
 			{
 				result = true; // assume version is valid
 			}
 		}
 		if(result)
 		{
 			// File Settings
 			loadXMLSetting(&GCSettings.AutoLoad, "AutoLoad");
@ -301,10 +329,10 @@ decodePrefsData (int method)
 			loadXMLController(wmpadmap, "wmpadmap");
 			loadXMLController(ccpadmap, "ccpadmap");
 			loadXMLController(ncpadmap, "ncpadmap");
-
+		}
 		mxmlDelete(xml);
-
+	}
-	return true;
+	return result;
 }
 /****************************************************************************
--- a/source/ngc/sram.cpp
+++ b/source/ngc/sram.cpp
@ -23,11 +23,7 @@
 #include "images/saveicon.h"
 #include "menudraw.h"
 #include "fileop.h"
-
+#include "input.h"
 extern int padcal;
 extern unsigned short gcpadmap[];
 char sramcomment[2][32];
 /****************************************************************************
 * Prepare SRAM Save Data
@ -35,7 +31,7 @@ char sramcomment[2][32];
 * This sets up the savebuffer for saving in a format compatible with
 * snes9x on other platforms.
 ***************************************************************************/
-int
+static int
 preparesavedata (int method)
 {
 	int offset = 0;
@ -49,6 +45,7 @@ preparesavedata (int method)
 	}
 	// Copy in the sramcomments
 	char sramcomment[2][32];
 	memset(sramcomment, 0, 64);
 	sprintf (sramcomment[0], "%s SRAM", APPNAME);
 	sprintf (sramcomment[1], Memory.ROMName);
@ -87,7 +84,7 @@ preparesavedata (int method)
 /****************************************************************************
 * Decode Save Data
 ***************************************************************************/
-void
+static void
 decodesavedata (int method, int readsize)
 {
 	int offset = 0;
@ -139,7 +136,7 @@ decodesavedata (int method, int readsize)
 /****************************************************************************
 * Load SRAM
 ***************************************************************************/
-int
+bool
 LoadSRAM (int method, bool silent)
 {
 	char filepath[1024];
@ -149,7 +146,7 @@ LoadSRAM (int method, bool silent)
 		method = autoSaveMethod(silent); // we use 'Save' because SRAM needs R/W
 	if(!MakeFilePath(filepath, FILE_SRAM, method))
-		return 0;
+		return false;
 	ShowAction ("Loading...");
@ -162,7 +159,7 @@ LoadSRAM (int method, bool silent)
 		decodesavedata (method, offset);
 		S9xSoftReset();
 		FreeSaveBuffer ();
-		return 1;
+		return true;
 	}
 	else
 	{
@ -172,7 +169,7 @@ LoadSRAM (int method, bool silent)
 		if(!silent)
 			WaitPrompt ("SRAM file not found");
-		return 0;
+		return false;
 	}
 }
--- a/source/ngc/sram.h
+++ b/source/ngc/sram.h
@ -11,4 +11,4 @@
 ***************************************************************************/
 bool SaveSRAM (int method, bool silent);
-int LoadSRAM (int method, bool silent);
+bool LoadSRAM (int method, bool silent);