main: Limit buffers with snprintf and strncpy and check for background size before setting background

include/kumdman.h

@@ -1,7 +1,8 @@
 #ifndef ___KUMDMAN_H___
 #define ___KUMDMAN_H___
 
-static char outtxt[0x12]; 
+extern char outtxt[20];
+
 typedef struct {
     unsigned char peripheral_device_type;
     unsigned char removable;

source/hardware_utils.c

@@ -14,6 +14,7 @@ static char macbuf[256];
 ATAPI_INQURIY ai;
 u8 buf[0x38];
 u8 param[4] = { 0, 0, 0x38, 0 };
+char outtxt[20];
 
 int pspGetFirstSymbolOfModel(void) {
     switch(psp_model + 1) {
@@ -117,14 +118,14 @@ char *pspGetUMDFWText(void) {
     pspUmdExecInquiryCmd(pspUmdManGetUmdDrive(0), param, buf);
     memset(outtxt, 0, sizeof(outtxt));
     memcpy(&ai, buf, sizeof(ATAPI_INQURIY));
-    strncpy(outtxt, ai.sony_spec, 5);
+    strncpy(outtxt, ai.sony_spec, 20);
     return outtxt;
 }
 
 char *pspGetMacAddressText(void) {
-    u8 macaddr[512];
+    u8 macaddr[18];
     pspGetMACAddress(macaddr);
-    sprintf(macbuf, "%02X:%02X:%02X:%02X:%02X:%02X", macaddr[0], macaddr[1], macaddr[2], macaddr[3], macaddr[4], macaddr[5]);
+    snprintf(macbuf, 18, "%02X:%02X:%02X:%02X:%02X:%02X", macaddr[0], macaddr[1], macaddr[2], macaddr[3], macaddr[4], macaddr[5]);
     return macbuf;
 }
 

source/main.c

@@ -285,8 +285,8 @@ void SystemInfo(void) {
     
     text_system[0] = pspEverestPrintf(10, 40, trans->system.fw, pspGetFirmwareName());
     text_system[1] = pspEverestPrintf(10, 60, trans->system.button_assign);
-    text_system[2] = pspEverestPrintf(10, 80, "Company code: 0x%02X", pscode.companyCode);
-    text_system[3] = pspEverestPrintf(10, 100, "Product sub code: 0x%02X", pscode.productSubCode);
+    text_system[2] = pspEverestPrintf(10, 80, "Company code: %d", pscode.companyCode);
+    text_system[3] = pspEverestPrintf(10, 100, "Factory code: %d", pscode.factoryCode);
     
     if (button_assign)
         pic_button_assign = vlfGuiAddPictureResource("system_plugin_fg.rco", "tex_cross", 4, -2);
@@ -301,8 +301,8 @@ void SystemInfo(void) {
     text_system[4] = pspEverestPrintf(237, 40, trans->system.username);
     text_system[5] = vlfGuiAddTextW(language == PSP_SYSTEMPARAM_LANGUAGE_RUSSIAN ? 337 : 327, 40, (u16 *)unicode_username);
     text_system[6] = pspEverestPrintf(237, 60, trans->system.password, GetRegistryValue("/CONFIG/SYSTEM/LOCK", "password", &password, sizeof(password), 0));
-    text_system[7] = pspEverestPrintf(237, 80, "Product code: 0x%02X", pscode.productCode);
-    text_system[8] = pspEverestPrintf(237, 100, "Factory code: %d", pscode.factoryCode);
+    text_system[7] = pspEverestPrintf(237, 80, "Product code: 0x%04X", pscode.productCode);
+    text_system[8] = pspEverestPrintf(237, 100, "Product sub code: 0x%04X", pscode.productSubCode);
     
     text_system[9] = pspEverestPrintf(10, 130, "version.txt:");
     if (vertxt != NULL)
@@ -437,6 +437,9 @@ void MainMenu(int select) {
 }
 
 void SetBackground(void) {
+    if (!size_backgrounds_bmp)
+        return;
+    
     vlfGuiSetBackgroundFileBuffer(backgrounds_bmp + 111168, 6176, 1);
     SetFade();
 }

source/system_utils.c

@@ -9,7 +9,7 @@
 #include "translate.h"
 
 int sctrlHENGetMinorVersion();
-static char get_firmware_buf[256], version_txt_buf[256];
+static char get_firmware_buf[22], version_txt_buf[256];
 
 char *pspGetFirmwareName(void) {
     char *cfwname = "";
@@ -95,7 +95,7 @@ char *pspGetFirmwareName(void) {
     }
     
     char *devkit_chr = (char *)&devkit;
-    sprintf(get_firmware_buf, "%i.%i%i %s", devkit_chr[3], devkit_chr[2], devkit_chr[1], cfwname);
+    snprintf(get_firmware_buf, 22, "%i.%i%i %s", devkit_chr[3], devkit_chr[2], devkit_chr[1], cfwname);
     return get_firmware_buf;
 }
 

source/utils.c

@@ -18,7 +18,7 @@ int GetRegistryValue(const char *dir, const char *name, void *buf, int bufsize,
     reg.namelen = strlen("/system");
     reg.unk2 = 1;
     reg.unk3 = 1;
-    strcpy(reg.name, "/system");
+    strncpy(reg.name, "/system", 8);
     
     if (sceRegOpenRegistry(&reg, 2, &h) == 0) {
         REGHANDLE hd;