Sprinter/mame
2
0
Fork 0
mirror of https://github.com/holub/mame synced 2025-04-24 17:30:55 +03:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

d88_dsk: Add some safety checks to avoid reading beyond the end of file

Browse Source
This commit is contained in:
Dirk Best 2018-01-28 01:52:55 +01:00
parent 13efc263fd
commit 648af3b4d9
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/lib/formats/d88_dsk.cpp
View File

@ -479,22 +479,31 @@ bool d88_format::load(io_generic *io, uint32_t form_factor, floppy_image *image)
uint32_t track_pos[164];
io_generic_read(io, track_pos, 32, 164*4);
uint64_t file_size = io_generic_size(io);
for(int track=0; track < track_count; track++)
for(int head=0; head < head_count; head++) {
int pos = little_endianize_int32(track_pos[track * head_count + head]);
if(!pos)
continue;
desc_pc_sector sects[256];
uint8_t sect_data[65536];
int sdatapos = 0;
int sector_count = 1;
for(int i=0; i<sector_count; i++) {
if (pos + 16 > file_size)
return true;
uint8_t hs[16];
io_generic_read(io, hs, pos, 16);
pos += 16;
uint16_t size = little_endianize_int16(*(uint16_t *)(hs+14));
if(pos + size > file_size)
return true;
if(i == 0) {
sector_count = little_endianize_int16(*(uint16_t *)(hs+4));
// Support broken vfman converter