From 60aabb91d71c51c3c094b1964f75fc71849ec295 Mon Sep 17 00:00:00 2001
From: Ari Sundholm
Date: Sat, 9 Sep 2017 14:12:33 +0300
Subject: [PATCH] Fix some undefined behavior

The destructor of Resampler needs to be virtual, as it is subclassed and pointers to objects subclassed from it are being deleted. The issue in controls.cpp is that the loop ends up reading past the end of an array. The small rewrite of the loop also makes it more readable. In memmap.cpp, there is an assignment statement of the following form: a[i++] = b[i]; It is undefined what i's value should be in b[i], so this was made explicit.
---
 apu/resampler.h | 2 +-
 controls.cpp | 6 ++++--
 memmap.cpp | 5 ++++-
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/apu/resampler.h b/apu/resampler.h
index f4b09c4a..4f8cf6f6 100644
--- a/apu/resampler.h
+++ b/apu/resampler.h
@@ -17,7 +17,7 @@ class Resampler : public ring_buffer
 {
 }
- ~Resampler ()
+ virtual ~Resampler ()
 {
 }
diff --git a/controls.cpp b/controls.cpp
index 32c09754..cca9f85f 100644
--- a/controls.cpp
+++ b/controls.cpp
@@ -2879,8 +2879,9 @@ void S9xSetJoypadLatch (bool latch)
 switch (i = curcontrollers[n])
 {
 case MP5:
- for (int j = 0, k = mp5[n].pads[j]; j < 4; k = mp5[n].pads[++j])
+ for (int j = 0, k; j < 4; ++j)
 {
+ k = mp5[n].pads[j];
 if (k == NONE)
 continue;
 do_polling(k);
@@ -3170,8 +3171,9 @@ void S9xControlEOF (void)
 switch (i = curcontrollers[n])
 {
 case MP5:
- for (j = 0, i = mp5[n].pads[j]; j < 4; i = mp5[n].pads[++j])
+ for (j = 0; j < 4; ++j)
 {
+ i = mp5[n].pads[j];
 if (i == NONE)
 continue;
diff --git a/memmap.cpp b/memmap.cpp
index 60d38986..513db49e 100644
--- a/memmap.cpp
+++ b/memmap.cpp
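Review bot: Resampler's own base class, ring_buffer (named in the apu/resampler.h hunk header), may need the same treatment, because its destructor is not visible anywhere in this patch. If any code deletes an object through a `ring_buffer *`, the undefined behavior this commit fixes for Resampler remains one level up. It is worth confirming that ring_buffer's destructor is virtual too, or that no such delete exists. The class body continues outside the hunk.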
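Review bot: The loop bound `4` in the S9xSetJoypadLatch hunk of controls.cpp is a bare literal that has to match the element count of `mp5[n].pads`, which is the invariant the old loop violated; the same literal appears in the S9xControlEOF hunk. A named constant shared with the array declaration (not visible here) would keep the bound and the array from drifting apart. As a smaller style point, `k` is declared uninitialized in the for-init and only assigned on the first body line; `const int k = mp5[n].pads[j];` inside the body gives it the narrowest scope. The function body starts and ends outside the hunk.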
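Review bot: In the S9xControlEOF hunk of controls.cpp the loop stores each pad id into `i`, the same variable the enclosing `switch (i = curcontrollers[n])` has just assigned, so once the loop runs `i` no longer holds the controller type. The removed line did the same, so this is not new, but any use of `i` later in this case or after the switch (outside the hunk) would see a pad id instead. A dedicated local, for example `const int pad = mp5[n].pads[j];` (assuming an int, like `k` in S9xSetJoypadLatch), removes the aliasing; the rest of the loop body, which continues outside the hunk, would need the same rename.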
@@ -4054,7 +4054,10 @@ static bool8 ReadBPSPatch (Stream *r, long, int32 &rom_size)
 switch((int)mode) {
 case SourceRead:
- while(length--) patched_rom[outputOffset++] = Memory.ROM[outputOffset];
+ while(length--) {
+ patched_rom[outputOffset] = Memory.ROM[outputOffset];
+ outputOffset++;
+ }
 break;
 case TargetRead:
 while(length--) patched_rom[outputOffset++] = data[addr++];
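Review bot: The rewritten SourceRead loop still copies `length` bytes at `outputOffset` with no bounds check visible in the hunk, and both values are presumably decoded from the patch file, which is untrusted input. Unless ReadBPSPatch validates them earlier (the function starts and ends outside the hunk), a malformed patch can make the loop read past `Memory.ROM` and write past `patched_rom`. The TargetRead loop in the context lines has the same shape, with `data[addr++]` as a further unchecked index. A guard before each loop, such as `if (length > limit - outputOffset) return false;`, would reject such a patch up front. Here `limit` is a placeholder for the smaller of the two buffer sizes, and `return false` for whatever failure path the function actually uses.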