From f8de54096206834469da3c55a33620b33651e07f Mon Sep 17 00:00:00 2001
From: n-a-c-h <>
Date: Sun, 13 Nov 2005 17:23:15 +0000
Subject: [PATCH] Added buffer overflow protection to char_array_unpack().
---
 zsnes/src/parsegen.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/zsnes/src/parsegen.cpp b/zsnes/src/parsegen.cpp
index 679df92a..a075df2a 100644
--- a/zsnes/src/parsegen.cpp
+++ b/zsnes/src/parsegen.cpp
@@ -718,11 +718,15 @@ void output_parser_start(ostream& c_stream)
 << "static char *char_array_unpack(char *str)\n"
 << "{\n"
 << " char *p = packed, *token;\n"
+ << " size_t len = 0;\n"
+ << " memset(packed, 0, sizeof(packed));\n"
 << " for (token = get_token(str, \"\\\\\"); token; token = get_token(0, \"\\\\\"))\n"
 << " {\n"
 << " if (*token == '0')\n"
 << " {\n"
 << " size_t i = base94_decode(decode_string(token+1));\n"
+ << " len += i;\n"
+ << " if (len > sizeof(packed)) { break; }\n"
 << " memset(p, 0, i);\n"
 << " p += i;\n"
 << " }\n"
@@ -730,6 +734,12 @@ void output_parser_start(ostream& c_stream)
 << " {\n"
 << " char *decoded = decode_string(token);\n"
 << " size_t decoded_length = strlen(decoded);\n"
+ << " len += decoded_length;\n"
+ << " if (len > sizeof(packed))\n"
+ << " {\n"
+ << " memcpy(p, decoded, sizeof(packed)-(len-decoded_length));\n"
+ << " break;\n"
+ << " }\n"
 << " memcpy(p, decoded, decoded_length);\n"
 << " p += decoded_length;\n"
 << " }\n"
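Review bot: The new bound check in the `'0'` branch adds before it compares (`len += i;` then `if (len > sizeof(packed))`), so a decoded run length large enough to wrap `size_t` would leave `len` small and let `memset(p, 0, i)` write past `packed`. Whether `base94_decode()` can return such a value is not visible here, but comparing against the remaining space removes the question: emit `if (i > sizeof(packed) - len) { break; }` followed by `len += i;`. The second hunk uses the same add-then-compare pattern for `decoded_length`. Both checks also depend on `packed` being an array rather than a pointer, since `sizeof(packed)` is the bound; its declaration and the rest of the generated function are outside the hunk.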
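Review bot: When a decoded token does not fit, the new branch copies the part that fits and breaks, so the caller receives a truncated buffer with no sign that the input was too long. How the generated function returns is outside the hunk, so whether it can report this is unclear; at minimum a comment in the emitted code such as `/* input exceeds packed[]: keep what fits and stop */` would record that truncation is intended. The length expression `sizeof(packed)-(len-decoded_length)` would read more plainly as a named remaining-space value taken before `len` is updated, e.g. `size_t room = sizeof(packed) - len;`.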