Add maximum instruction opcode bounds check (thanks hthh)

Michael Scire 2019-03-04 20:24:49 -08:00
parent 34af93b72f
commit 862aa73783


@ -273,6 +273,11 @@ bool DmntCheatManager::ParseCheats(const char *s, size_t len) {
return false; return false;
} }
/* Bounds check the opcode count. */
if (cur_entry->definition.num_opcodes >= sizeof(cur_entry->definition.opcodes)/sizeof(cur_entry->definition.opcodes[0])) {
return false;
}
/* We're parsing an instruction, so validate it's 8 hex digits. */ /* We're parsing an instruction, so validate it's 8 hex digits. */
for (size_t j = 1; j < 8; j++) { for (size_t j = 1; j < 8; j++) {
/* Validate 8 hex chars. */ /* Validate 8 hex chars. */
@ -286,6 +291,7 @@ bool DmntCheatManager::ParseCheats(const char *s, size_t len) {
memcpy(hex_str, &s[i], 8); memcpy(hex_str, &s[i], 8);
cur_entry->definition.opcodes[cur_entry->definition.num_opcodes++] = strtoul(hex_str, NULL, 16); cur_entry->definition.opcodes[cur_entry->definition.num_opcodes++] = strtoul(hex_str, NULL, 16);
/* Skip onwards. */ /* Skip onwards. */
i += 8; i += 8;
} else { } else {
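Review bot: The guard added in the first hunk spells the array capacity as `sizeof(cur_entry->definition.opcodes)/sizeof(cur_entry->definition.opcodes[0])`, which is only correct while `opcodes` is a fixed-size array; if it ever became a pointer, the expression would still compile and the bound would be silently wrong. If the project builds as C++17, `if (cur_entry->definition.num_opcodes >= std::size(cur_entry->definition.opcodes)) {` fails to compile for a pointer and still gives the right count for a container; a named capacity constant shared with the struct definition would also work. The comment could state what the check protects, e.g. `/* Reject entries with more opcodes than the array holds, so the store below cannot write past it. */`, since the store it guards (`opcodes[num_opcodes++] = ...`) sits in the second hunk. ParseCheats starts and ends outside the visible hunks, so whether callers can tell this rejection apart from a syntax error is not visible here.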