Prevent reading invalid memory (crashes) due to invalid headers

Souryo 2015-12-28 13:59:10 -05:00
parent 6c7ca1829c
commit 165c8d3b81


@ -56,6 +56,21 @@ struct NESHeader
return Flags1 & 0x01 ? MirroringType::Vertical : MirroringType::Horizontal;
}
}
void SanitizeHeader(size_t romLength)
{
size_t calculatedLength = sizeof(NESHeader) + 0x4000 * ROMCount;
while(calculatedLength > romLength) {
ROMCount--;
calculatedLength = sizeof(NESHeader) + 0x4000 * ROMCount;
}
calculatedLength = sizeof(NESHeader) + 0x4000 * ROMCount + 0x2000 * VROMCount;
while(calculatedLength > romLength) {
VROMCount--;
calculatedLength = sizeof(NESHeader) + 0x4000 * ROMCount + 0x2000 * VROMCount;
}
}
};
class ROMLoader
@ -141,16 +156,18 @@ class ROMLoader
}
_crc32 = CRC32::GetCRC(buffer, length);
if(memcmp(buffer, "NES", 3) == 0) {
if(memcmp(buffer, "NES", 3) == 0 && length >= sizeof(NESHeader)) {
memcpy((char*)&_header, buffer, sizeof(NESHeader));
buffer += sizeof(NESHeader);
_header.SanitizeHeader(length);
_prgRAM = new uint8_t[0x4000 * _header.ROMCount];
_chrRAM = new uint8_t[0x2000 * _header.VROMCount];
buffer += sizeof(NESHeader);
memcpy(_prgRAM, buffer, 0x4000 * _header.ROMCount);
buffer += 0x4000 * _header.ROMCount;
memcpy(_chrRAM, buffer, 0x2000 * _header.VROMCount);
return true;
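Review bot: The new condition `if(memcmp(buffer, "NES", 3) == 0 && length >= sizeof(NESHeader))` compares the magic bytes before it checks the length, so a file shorter than three bytes is still read past its end; putting the size test first lets short-circuit evaluation protect the `memcmp`: `if(length >= sizeof(NESHeader) && memcmp(buffer, "NES", 3) == 0) {`. `SanitizeHeader` also relies on that caller-side check: if `romLength` were ever smaller than `sizeof(NESHeader)`, its first loop would decrement `ROMCount` past zero (the field types are not visible here, so the wrap-around is inferred). A guard such as `while(ROMCount > 0 && calculatedLength > romLength)`, with `VROMCount > 0` in the second loop, would make the method safe on its own. The loader function starts and ends outside this hunk, so whether later users of `_prgRAM` and `_chrRAM` tolerate counts clamped to zero cannot be judged from this page.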