code cleanup - memory leaks, buffer overrruns, etc

This commit is contained in:
dborth 2009-01-06 05:33:13 +00:00
parent 874525235d
commit 497274c83d
5 changed files with 159 additions and 106 deletions

View File

@ -372,7 +372,7 @@ getentry (int entrycount, unsigned char dvdbuffer[])
if (entrycount >= MAXDVDFILES)
return 0;
if (diroffset >= 2048)
if (diroffset >= 2048 || diroffset < 0)
return 0;
/** Decode this entry **/
@ -386,7 +386,7 @@ getentry (int entrycount, unsigned char dvdbuffer[])
/* Check for wrap round - illegal in ISO spec,
* but certain crap writers do it! */
if ((diroffset + dvdbuffer[diroffset]) > 2048)
if ((diroffset + dvdbuffer[diroffset]) > 2048 || (diroffset + dvdbuffer[diroffset]) < 0)
return 0;
if (*filenamelength)
@ -394,7 +394,9 @@ getentry (int entrycount, unsigned char dvdbuffer[])
memset (&fname, 0, 512);
if (!IsJoliet) /*** Do ISO 9660 first ***/
strcpy (fname, filename);
{
strncpy (fname, filename, 512);
}
else
{ /*** The more tortuous unicode joliet entries ***/
for (j = 0; j < (*filenamelength >> 1); j++)
@ -439,17 +441,22 @@ getentry (int entrycount, unsigned char dvdbuffer[])
if (rr != NULL)
*rr = 0;
browserList = (BROWSERENTRY *)realloc(browserList, (entrycount+1) * sizeof(BROWSERENTRY));
if(!browserList) // failed to allocate required memory
BROWSERENTRY * newBrowserList = (BROWSERENTRY *)realloc(browserList, (entrycount+1) * sizeof(BROWSERENTRY));
if(!newBrowserList) // failed to allocate required memory
{
ResetBrowser();
WaitPrompt("Out of memory: too many files!");
return 0;
}
else
{
browserList = newBrowserList;
}
memset(&(browserList[entrycount]), 0, sizeof(BROWSERENTRY)); // clear the new entry
strcpy (browserList[entrycount].filename, fname);
strncpy (browserList[entrycount].filename, fname, MAXJOLIET);
StripExt(tmpname, fname); // hide file extension
strcpy (browserList[entrycount].displayname, tmpname);
strncpy (browserList[entrycount].displayname, tmpname, MAXDISPLAY);
memcpy (&offset32, &dvdbuffer[diroffset + EXTENT], 4);

View File

@ -278,13 +278,13 @@ ParseDirectory()
WaitPrompt(msg);
// if we can't open the dir, open root dir
sprintf(fulldir,"%s",rootdir);
sprintf(browser.dir,"/");
dir = diropen(browser.dir);
dir = diropen(rootdir);
if (dir == NULL)
{
sprintf(msg, "Error opening %s", fulldir);
sprintf(msg, "Error opening %s", rootdir);
WaitPrompt(msg);
return 0;
}
@ -297,14 +297,19 @@ ParseDirectory()
{
if(strcmp(filename,".") != 0)
{
browserList = (BROWSERENTRY *)realloc(browserList, (entryNum+1) * sizeof(BROWSERENTRY));
BROWSERENTRY * newBrowserList = (BROWSERENTRY *)realloc(browserList, (entryNum+1) * sizeof(BROWSERENTRY));
if(!browserList) // failed to allocate required memory
if(!newBrowserList) // failed to allocate required memory
{
ResetBrowser();
WaitPrompt("Out of memory: too many files!");
entryNum = 0;
break;
}
else
{
browserList = newBrowserList;
}
memset(&(browserList[entryNum]), 0, sizeof(BROWSERENTRY)); // clear the new entry
strncpy(browserList[entryNum].filename, filename, MAXJOLIET);

View File

@ -468,14 +468,19 @@ int SzParse(char * filepath, int method)
if (SzF->IsDirectory)
continue;
browserList = (BROWSERENTRY *)realloc(browserList, (SzJ+1) * sizeof(BROWSERENTRY));
BROWSERENTRY * newBrowserList = (BROWSERENTRY *)realloc(browserList, (SzJ+1) * sizeof(BROWSERENTRY));
if(!browserList) // failed to allocate required memory
if(!newBrowserList) // failed to allocate required memory
{
ResetBrowser();
WaitPrompt("Out of memory: too many files!");
nbfiles = 0;
break;
}
else
{
browserList = newBrowserList;
}
memset(&(browserList[SzJ]), 0, sizeof(BROWSERENTRY)); // clear the new entry
// parse information about this file to the dvd file list structure

View File

@ -44,8 +44,9 @@ void UpdateCheck()
snprintf(url, 128, "http://vba-wii.googlecode.com/svn/trunk/update.xml");
AllocSaveBuffer ();
retval = http_request(url, NULL, (u8 *)savebuffer, SAVEBUFFERSIZE);
u8 * tmpbuffer = (u8 *)malloc(32768);
memset(tmpbuffer, 0, 32768);
retval = http_request(url, NULL, tmpbuffer, 32768);
memset(url, 0, 128);
if (retval)
@ -53,14 +54,18 @@ void UpdateCheck()
mxml_node_t *xml;
mxml_node_t *item;
xml = mxmlLoadString(NULL, (char *)savebuffer, MXML_TEXT_CALLBACK);
xml = mxmlLoadString(NULL, (char *)tmpbuffer, MXML_TEXT_CALLBACK);
if(xml)
{
// check settings version
item = mxmlFindElement(xml, xml, "app", "version", NULL, MXML_DESCEND);
if(item) // a version entry exists
{
char * version = (char *)mxmlElementGetAttr(item, "version");
const char * version = mxmlElementGetAttr(item, "version");
if(version)
{
int verMajor = version[0] - '0';
int verMinor = version[2] - '0';
int verPoint = version[4] - '0';
@ -79,13 +84,20 @@ void UpdateCheck()
item = mxmlFindElement(xml, xml, "file", NULL, NULL, MXML_DESCEND);
if(item)
{
snprintf(updateURL, 128, "%s", mxmlElementGetAttr(item, "url"));
const char * tmp = mxmlElementGetAttr(item, "url");
if(tmp)
{
snprintf(updateURL, 128, "%s", tmp);
updateFound = true;
}
}
}
}
FreeSaveBuffer();
}
mxmlDelete(xml);
}
}
free(tmpbuffer);
}
}
@ -128,7 +140,7 @@ bool DownloadUpdate()
retval = http_request(updateURL, hfile, NULL, (1024*1024*5));
fclose (hfile);
}
ShowAction("Unzipping...");
ShowAction("Installing...");
bool unzipResult = unzipArchive(updateFile, (char *)"sd:/");
remove(updateFile); // delete update file

View File

@ -22,18 +22,16 @@
#include "filesel.h"
#include "input.h"
static char prefscomment[2][32];
/****************************************************************************
* Prepare Preferences Data
*
* This sets up the save buffer for saving.
***************************************************************************/
static mxml_node_t *xml;
static mxml_node_t *data;
static mxml_node_t *section;
static mxml_node_t *item;
static mxml_node_t *elem;
static mxml_node_t *xml = NULL;
static mxml_node_t *data = NULL;
static mxml_node_t *section = NULL;
static mxml_node_t *item = NULL;
static mxml_node_t *elem = NULL;
static char temp[20];
@ -120,6 +118,7 @@ preparePrefsData (int method)
memcpy (savebuffer, saveicon, offset);
// And the comments
char prefscomment[2][32];
memset(prefscomment, 0, 64);
sprintf (prefscomment[0], "%s Prefs", APPNAME);
sprintf (prefscomment[1], "Preferences");
@ -184,19 +183,31 @@ static void loadXMLSetting(char * var, const char * name, int maxsize)
{
item = mxmlFindElement(xml, xml, "setting", "name", name, MXML_DESCEND);
if(item)
snprintf(var, maxsize, "%s", mxmlElementGetAttr(item, "value"));
{
const char * tmp = mxmlElementGetAttr(item, "value");
if(tmp)
snprintf(var, maxsize, "%s", tmp);
}
}
static void loadXMLSetting(int * var, const char * name)
{
item = mxmlFindElement(xml, xml, "setting", "name", name, MXML_DESCEND);
if(item)
*var = atoi(mxmlElementGetAttr(item, "value"));
{
const char * tmp = mxmlElementGetAttr(item, "value");
if(tmp)
*var = atoi(tmp);
}
}
static void loadXMLSetting(float * var, const char * name)
{
item = mxmlFindElement(xml, xml, "setting", "name", name, MXML_DESCEND);
if(item)
*var = atof(mxmlElementGetAttr(item, "value"));
{
const char * tmp = mxmlElementGetAttr(item, "value");
if(tmp)
*var = atof(tmp);
}
}
/****************************************************************************
@ -216,7 +227,11 @@ static void loadXMLController(unsigned int controller[], const char * name)
{
elem = mxmlFindElement(item, xml, "button", "number", toStr(i), MXML_DESCEND);
if(elem)
controller[i] = atoi(mxmlElementGetAttr(elem, "assignment"));
{
const char * tmp = mxmlElementGetAttr(elem, "assignment");
if(tmp)
controller[i] = atoi(tmp);
}
}
}
}
@ -230,25 +245,28 @@ static void loadXMLController(unsigned int controller[], const char * name)
static bool
decodePrefsData (int method)
{
bool result = false;
int offset = 0;
// skip save icon and comments for Memory Card saves
if(method == METHOD_MC_SLOTA || method == METHOD_MC_SLOTB)
{
offset = sizeof (saveicon);
offset += 64; // sizeof prefscomment
offset += 64; // sizeof comments
}
xml = mxmlLoadString(NULL, (char *)savebuffer+offset, MXML_TEXT_CALLBACK);
if(xml)
{
// check settings version
char * version;
item = mxmlFindElement(xml, xml, "file", "version", NULL, MXML_DESCEND);
if(item) // a version entry exists
version = (char *)mxmlElementGetAttr(item, "version");
else // version # not found, must be invalid
return false;
{
const char * version = mxmlElementGetAttr(item, "version");
if(version)
{
// this code assumes version in format X.X.X
// XX.X.X, X.XX.X, or X.X.XX will NOT work
int verMajor = version[0] - '0';
@ -262,13 +280,18 @@ decodePrefsData (int method)
if(!(verMajor >= 0 && verMajor <= 9 &&
verMinor >= 0 && verMinor <= 9 &&
verPoint >= 0 && verPoint <= 9))
return false;
if(verPoint < 4 && verMajor == 1) // less than version 1.0.4
return false; // reset settings
result = false;
else if(verPoint < 4 && verMajor == 1) // less than version 1.0.4
result = false; // reset settings
else if(verMajor > curMajor || verMinor > curMinor || verPoint > curPoint) // some future version
return false; // reset settings
result = false; // reset settings
else
result = true;
}
}
if(result)
{
// File Settings
loadXMLSetting(&GCSettings.AutoLoad, "AutoLoad");
@ -300,10 +323,11 @@ decodePrefsData (int method)
loadXMLController(wmpadmap, "wmpadmap");
loadXMLController(ccpadmap, "ccpadmap");
loadXMLController(ncpadmap, "ncpadmap");
}
mxmlDelete(xml);
}
return true;
return result;
}
/****************************************************************************