a_dinosaur/ZSNES
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added buffer overflow protection to char_array_unpack().

Browse Source
This commit is contained in:
n-a-c-h
2005-11-13 17:23:15 +00:00
parent 597c170823
commit f8de540962
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
zsnes/src/parsegen.cpp
View File

@@ -718,11 +718,15 @@ void output_parser_start(ostream& c_stream)
<< "static char *char_array_unpack(char *str)\n"
<< "{\n"
<< " char *p = packed, *token;\n"
<< " size_t len = 0;\n"
<< " memset(packed, 0, sizeof(packed));\n"
<< " for (token = get_token(str, \"\\\\\"); token; token = get_token(0, \"\\\\\"))\n"
<< " {\n"
<< " if (*token == '0')\n"
<< " {\n"
<< " size_t i = base94_decode(decode_string(token+1));\n"
<< " len += i;\n"
<< " if (len > sizeof(packed)) { break; }\n"
<< " memset(p, 0, i);\n"
<< " p += i;\n"
<< " }\n"
@@ -730,6 +734,12 @@ void output_parser_start(ostream& c_stream)
<< " {\n"
<< " char *decoded = decode_string(token);\n"
<< " size_t decoded_length = strlen(decoded);\n"
<< " len += decoded_length;\n"
<< " if (len > sizeof(packed))\n"
<< " {\n"
<< " memcpy(p, decoded, sizeof(packed)-(len-decoded_length));\n"
<< " break;\n"
<< " }\n"
<< " memcpy(p, decoded, decoded_length);\n"
<< " p += decoded_length;\n"
<< " }\n"