GerbilSoft/rom-properties
1
Fork 0
mirror of https://github.com/GerbilSoft/rom-properties.git synced 2025-06-18 19:45:41 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

[libromdata] Xbox360_XEX_Private::getOptHdrData(): Limit the maximum header size to 16 MB.

Browse Source 
aflplusplus, and the debug version of rpcli, was hanging on some fuzzed
XEXes with ~4 GB headers because the debug version of std::vector<> was
initializing each byte, one at a time.

Headers shouldn't be that big, but we'll go with a maximum of 16 MB
just in case.

Found using aflplusplus-4.32c.
This commit is contained in:
David Korth 2025-05-10 14:16:25 -04:00
parent 4a85bc7be4
commit 05e95ec9a8
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/libromdata/Console/Xbox360_XEX.cpp
View File

@ -430,6 +430,15 @@ size_t Xbox360_XEX_Private::getOptHdrData(uint32_t header_id, rp::uvector<uint8_
size = be32_to_cpu(dwSize);
}
// Sanity check: Header must be 16 MB or less.
static constexpr size_t MAX_HEADER_SIZE = 16U*1024*1024;
assert(size <= MAX_HEADER_SIZE);
if (size > MAX_HEADER_SIZE) {
// Invalid header size.
pVec.clear();
return 0;
}
// Read the data.
// NOTE: This includes the size value for 0xFF structs.
pVec.resize(size);