[unice68] unice68_unpack.c: depack_bytes: Check chk_dst_range(), *and* add chk_src_range().

One of the afl-fuzz tests (000003?) was failing due to the source
range being out of bounds.

Also, add assert() to the checked chk_src_range() and chk_dst_range()
functions.
David Korth 2023-10-11 01:39:25 -04:00
parent 13363cfe69
commit 563bb5f6c8


@ -33,6 +33,8 @@
# include <stdint.h>
#endif
#include <assert.h>
typedef uint8_t u8;
typedef int8_t s8;
typedef int16_t s16;
@ -142,8 +144,10 @@ static inline int get_1_bit(all_regs_t *R)
r = (R->d7 & 255) << 1;
B_CC(r & 255, bitfound);
if (chk_src_range(R,R->a5-1,R->a5-1))
if (chk_src_range(R,R->a5-1,R->a5-1)) {
assert(!"chk_dst_range() failed");
return 0;
}
r = (r>>8) + (*(--R->a5) << 1);
bitfound:
@ -489,7 +493,14 @@ less_40:
depack_bytes:
R->a1 = R->a6 + 2 + (s16)R->d4 + (s16)R->d1;
chk_dst_range(R, R->a6 - DBF_COUNT(R->d4) - 1, R->a6-1);
if (chk_dst_range(R, R->a6 - DBF_COUNT(R->d4) - 1, R->a6-1)) {
assert(!"chk_dst_range() failed");
return;
}
if (chk_src_range(R, R->a1 - DBF_COUNT(R->d4) - 1, R->a1-1)) {
assert(!"chk_dst_range() failed");
return;
}
if (R->a6>R->a4) *(--R->a6) = *(--R->a1);
dep_b:
if (R->a6>R->a4) *(--R->a6) = *(--R->a1);
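Review bot: The assert message on the newly added chk_src_range() check in depack_bytes, `assert(!"chk_dst_range() failed");` on the line after `if (chk_src_range(R, R->a1 - DBF_COUNT(R->d4) - 1, R->a1-1)) {`, names the wrong function, and the same copy-paste appears in the get_1_bit hunk above where a chk_src_range() failure also reports "chk_dst_range() failed"; both should read `assert(!"chk_src_range() failed");` so an abort under afl-fuzz points at the range that actually failed. It is also worth a one-line comment on these checks saying that the assert is compiled out under NDEBUG, so in release builds the early `return` is the only thing preventing the out-of-range read or write and the assert is a debugging aid rather than the guard. The function containing depack_bytes starts and ends outside this hunk, so whether the bare `return;` leaves the caller with any detectable error state cannot be judged from here.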