From c51de7aa95ac1028fb4c7c0a28c40e50e2b2d9bf Mon Sep 17 00:00:00 2001
From: Nathan Woods
Date: Tue, 13 Sep 2016 06:50:08 -0400
Subject: [PATCH] Fixed a potential buffer overrun in the code that reads headers for the CoCo JVC disk image format

---
 src/lib/formats/jvc_dsk.cpp | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/lib/formats/jvc_dsk.cpp b/src/lib/formats/jvc_dsk.cpp
index 30ec8287f22..ce364d9efe2 100644
--- a/src/lib/formats/jvc_dsk.cpp
+++ b/src/lib/formats/jvc_dsk.cpp
@@ -37,16 +37,19 @@ const char *jvc_format::extensions() const
 bool jvc_format::parse_header(io_generic *io, int &header_size, int &tracks, int &heads, int §ors, int §or_size, int &base_sector_id)
 {
+	// The JVC format has a header whose size is the size of the image modulo 256. Currently, we only
+	// handle up to five header bytes
 	UINT64 size = io_generic_size(io);
 	header_size = size % 256;
 	UINT8 header[5];
+	// if we know that this is a header of a bad size, we can fail
+	// immediately; otherwise read the header
+	if (header_size >= sizeof(header))
+		return false;
 	if (header_size > 0)
 		io_generic_read(io, header, 0, header_size);
-	if (header_size > 5)
-		return false;
-
 	// default values
 	heads = 1;
 	sectors = 18;