Merge pull request #1396 from npwoods/fix_jvc_header_buffer_overrun

Fixed a potential buffer overrun in the code that reads headers for the CoCo JVC disk image format
Miodrag Milanović 2016-09-13 13:35:46 +02:00 committed by GitHub
commit 4d3d404d17


@ -37,16 +37,19 @@ const char *jvc_format::extensions() const
bool jvc_format::parse_header(io_generic *io, int &header_size, int &tracks, int &heads, int &sectors, int &sector_size, int &base_sector_id) bool jvc_format::parse_header(io_generic *io, int &header_size, int &tracks, int &heads, int &sectors, int &sector_size, int &base_sector_id)
{ {
// The JVC format has a header whose size is the size of the image modulo 256. Currently, we only
// handle up to five header bytes
UINT64 size = io_generic_size(io); UINT64 size = io_generic_size(io);
header_size = size % 256; header_size = size % 256;
UINT8 header[5]; UINT8 header[5];
// if we know that this is a header of a bad size, we can fail
// immediately; otherwise read the header
if (header_size >= sizeof(header))
return false;
if (header_size > 0) if (header_size > 0)
io_generic_read(io, header, 0, header_size); io_generic_read(io, header, 0, header_size);
if (header_size > 5)
return false;
// default values // default values
heads = 1; heads = 1;
sectors = 18; sectors = 18;
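Review bot: The new guard `if (header_size >= sizeof(header))` also rejects a header of exactly five bytes, which fits in `UINT8 header[5]` and which the comment added just above describes as handled ("up to five header bytes"); the check it replaces rejected only `header_size > 5`. Moving the check ahead of `io_generic_read` is what closes the overrun, and `if (header_size > (int)sizeof(header)) return false;` is enough for that while keeping the old acceptance range. If rejecting five-byte headers is intended, the comment should say "up to four header bytes" instead. The comparison as written also mixes `int` with `size_t`; that is harmless here because `header_size` comes from `size % 256`, but the explicit cast avoids the sign-compare warning. The rest of `parse_header` lies outside the hunk, so whether a fifth header byte is consumed later cannot be confirmed from here.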