From 862aa7378308fbab0d8b7078b90f230ef5598f6e Mon Sep 17 00:00:00 2001
From: Michael Scire
Date: Mon, 4 Mar 2019 20:24:49 -0800
Subject: [PATCH] Add maximum instruction opcode bounds check (thanks hthh)
---
 stratosphere/dmnt/source/dmnt_cheat_manager.cpp | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/stratosphere/dmnt/source/dmnt_cheat_manager.cpp b/stratosphere/dmnt/source/dmnt_cheat_manager.cpp
index 63d329d65..1a152a7a5 100644
--- a/stratosphere/dmnt/source/dmnt_cheat_manager.cpp
+++ b/stratosphere/dmnt/source/dmnt_cheat_manager.cpp
@@ -273,6 +273,11 @@ bool DmntCheatManager::ParseCheats(const char *s, size_t len) {
 return false;
 }
+ /* Bounds check the opcode count. */
+ if (cur_entry->definition.num_opcodes >= sizeof(cur_entry->definition.opcodes)/sizeof(cur_entry->definition.opcodes[0])) {
+ return false;
+ }
+
+ /* We're parsing an instruction, so validate it's 8 hex digits. */
 for (size_t j = 1; j < 8; j++) {
 /* Validate 8 hex chars. */
@@ -286,6 +291,7 @@ bool DmntCheatManager::ParseCheats(const char *s, size_t len) {
 memcpy(hex_str, &s[i], 8);
 cur_entry->definition.opcodes[cur_entry->definition.num_opcodes++] = strtoul(hex_str, NULL, 16);
+ /* Skip onwards. */
 i += 8;
 } else {
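Review bot: The new guard in the first hunk spells the array capacity as an inline `sizeof(...)/sizeof(...[0])` expression, and its comment says what it does but not which write it protects. That write is the `cur_entry->definition.opcodes[cur_entry->definition.num_opcodes++]` store visible in the second hunk, so `>=` is the right comparison for a post-incremented index; the comment could say so, e.g. `/* Reject a cheat with more opcodes than the definition holds; the opcodes[num_opcodes++] store below relies on this. */`. If the toolchain is C++17, `std::size(cur_entry->definition.opcodes)` states the limit without the division and stops compiling if the member ever becomes a pointer, where the sizeof form would silently yield a wrong count. The guard returns a bare `false` like the error path just above it, so the caller cannot tell an over-long cheat from a malformed one; whether that matters depends on code outside the hunk, since ParseCheats starts and ends outside it.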