From 2fd785e6342400a104ebea360d754c02884d4d2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Banaan=20Ananas?= Date: Sun, 9 Sep 2012 13:16:21 +0000 Subject: [PATCH] add asserts to prevent array overflow or nullpointer access --- src/emu/sound/upd7759.c | 8 ++++++-- src/mame/drivers/homerun.c | 6 +++--- src/mame/drivers/snk68.c | 4 ++-- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/src/emu/sound/upd7759.c b/src/emu/sound/upd7759.c index b4810a790ab..9f29e580573 100644 --- a/src/emu/sound/upd7759.c +++ b/src/emu/sound/upd7759.c @@ -594,7 +594,8 @@ static DEVICE_RESET( upd7759 ) static void upd7759_postload(upd7759_state *chip) { - chip->rom = chip->rombase + chip->romoffset; + if (chip->rombase) + chip->rom = chip->rombase + chip->romoffset; } @@ -654,8 +655,10 @@ static DEVICE_START( upd7759 ) /* compute the ROM base or allocate a timer */ chip->romoffset = 0; chip->rom = chip->rombase = *device->region(); - if (chip->rom == NULL) + if (chip->rombase == NULL) chip->timer = device->machine().scheduler().timer_alloc(FUNC(upd7759_slave_update), chip); + else + assert((device->region()->bytes() & 0x1ffff) == 0); /* set the DRQ callback */ chip->drqcallback = intf->drqcallback; @@ -736,6 +739,7 @@ int upd7759_busy_r(device_t *device) void upd7759_set_bank_base(device_t *device, UINT32 base) { upd7759_state *chip = get_safe_token(device); + assert(chip->rombase != NULL); chip->rom = chip->rombase + base; chip->romoffset = base; } diff --git a/src/mame/drivers/homerun.c b/src/mame/drivers/homerun.c index 5afdf295e8d..204d95e5426 100644 --- a/src/mame/drivers/homerun.c +++ b/src/mame/drivers/homerun.c 
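Review bot: The null guard added in `upd7759_postload` still trusts `chip->romoffset`: when `rombase` is set, `chip->rom` becomes `rombase + romoffset` with no comparison against the region length. If `romoffset` is restored from saved state (the function name suggests so; the registration is outside this diff), a stale or malformed state could leave `chip->rom` pointing past the end of the region. `upd7759_set_bank_base` in the third hunk has the same gap for its `base` argument. There the region is reachable, so a runtime check such as `if (base >= device->region()->bytes()) return;` before the assignment would bound it, and postload could compare against a length cached in the chip state at DEVICE_START.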
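Review bot: The size check added in the `else` branch of DEVICE_START is an `assert`, so it only protects builds where assertions are compiled in. If release builds disable them, a region whose length is not a multiple of 0x20000 is accepted silently, and the same holds for `assert(chip->rombase != NULL)` in `upd7759_set_bank_base`. The mask `0x1ffff` is also unexplained; a comment such as `/* sample ROM is addressed in 0x20000-byte banks, so the region must be a whole number of banks */` would help, assuming that is the reason. DEVICE_START's body begins and ends outside the hunk, so whether a later runtime check exists cannot be seen from here.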
@@ -361,7 +361,7 @@ ROM_START( homerun ) ROM_REGION( 0x20000, "gfx2", 0 ) ROM_LOAD( "homerun.ic120", 0x00000, 0x20000, CRC(52f0709b) SHA1(19e675bcccadb774f60ec5929fc1fb5cf0d3f617) ) - ROM_REGION( 0x08000, "d7756c", ROMREGION_ERASE00 ) + ROM_REGION( 0x20000, "d7756c", ROMREGION_ERASE00 ) ROM_LOAD( "d7756c.ic98", 0x00000, 0x08000, NO_DUMP ) /* D7756C built-in rom */ ROM_END @@ -377,7 +377,7 @@ ROM_START( dynashot ) ROM_REGION( 0x20000, "gfx2", 0 ) ROM_LOAD( "2.ic120", 0x00000, 0x20000, CRC(bedf7b98) SHA1(cb6c5fcaf8df5f5c7636c3c8f79b9dda78e30c2e) ) - ROM_REGION( 0x08000, "d7756c", ROMREGION_ERASE00 ) + ROM_REGION( 0x20000, "d7756c", ROMREGION_ERASE00 ) ROM_LOAD( "d7756c.ic98", 0x00000, 0x08000, NO_DUMP ) /* D7756C built-in rom */ ROM_END @@ -393,7 +393,7 @@ ROM_START( ganjaja ) ROM_REGION( 0x20000, "gfx2", 0 ) ROM_LOAD( "2.ic120", 0x00000, 0x20000, CRC(e65d4d57) SHA1(2ec9e5bdaa94b808573313b6eca657d798004b53) ) - ROM_REGION( 0x08000, "d7756c", 0 ) + ROM_REGION( 0x20000, "d7756c", ROMREGION_ERASE00 ) ROM_LOAD( "d77p56cr.ic98", 0x00000, 0x08000, CRC(06a234ac) SHA1(b4ceff3f9f78551cf4a085642e162e33b266f067) ) /* D77P56CR OTP rom (One-Time Programmable, note the extra P) */ ROM_END diff --git a/src/mame/drivers/snk68.c b/src/mame/drivers/snk68.c index 53ff0175a9b..7ea1a5905af 100644 --- a/src/mame/drivers/snk68.c +++ b/src/mame/drivers/snk68.c @@ -665,7 +665,7 @@ ROM_START( pow ) ROM_LOAD16_BYTE( "snk880.22a", 0x1c0000, 0x20000, CRC(aa9c00d8) SHA1(1017ed1cc036c6084b71204a998fd05557a6e59f) ) ROM_LOAD16_BYTE( "snk880.26a", 0x1c0001, 0x20000, CRC(9bc261c5) SHA1(f07fef465191d48ccc149d1a62e6382d3fc0ef9f) ) - ROM_REGION( 0x10000, "upd", 0 ) /* UPD7759 samples */ + ROM_REGION( 0x20000, "upd", ROMREGION_ERASE00 ) /* UPD7759 samples */ ROM_LOAD( "dg7.d20", 0x000000, 0x10000, CRC(aba9a9d3) SHA1(5098cd3a064b8ede24797de8879a277d79e79d75) ) ROM_REGION( 0x0100, "plds", 0 ) 
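Review bot: The "d7756c" region in `homerun` is now declared as 0x20000 bytes while its only ROM_LOAD is 0x08000 bytes, and nothing in the entry says why, so the mismatch reads like a typo. A comment on the ROM_REGION line, for example `/* padded to 0x20000 for the upd7759 region-size assert; only the first 0x08000 bytes hold ROM data */`, would record the intent. The same applies to the `dynashot` and `ganjaja` hunks and to the "upd" regions of `pow` and `powj` in snk68.c, where 0x10000 bytes are loaded into a 0x20000 region. ROMREGION_ERASE00 presumably zero-fills the tail so reads past the loaded data return defined bytes, which is worth stating next to the padding. The ROM_START blocks begin outside these hunks.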
@@ -702,7 +702,7 @@ ROM_START( powj ) ROM_LOAD16_BYTE( "snk880.22a", 0x1c0000, 0x20000, CRC(aa9c00d8) SHA1(1017ed1cc036c6084b71204a998fd05557a6e59f) ) ROM_LOAD16_BYTE( "snk880.26a", 0x1c0001, 0x20000, CRC(9bc261c5) SHA1(f07fef465191d48ccc149d1a62e6382d3fc0ef9f) ) - ROM_REGION( 0x10000, "upd", 0 ) /* UPD7759 samples */ + ROM_REGION( 0x20000, "upd", ROMREGION_ERASE00 ) /* UPD7759 samples */ ROM_LOAD( "dg7.d20", 0x000000, 0x10000, CRC(aba9a9d3) SHA1(5098cd3a064b8ede24797de8879a277d79e79d75) ) ROM_REGION( 0x0100, "plds", 0 )