

Core: Fix integer overflow in ELF loading
Vicki Pfau vi@endrift.com
Sat, 01 Feb 2020 20:49:43 -0800
commit

054f4320739236ec85344e8d33b2e61f301275f3

parent

e6e26777a92ed90c2e66da682ee1da6759f6d003

2 files changed, 2 insertions(+), 1 deletions(-)

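--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,7 @@ - GBA Video: Fix backdrop blending on lines without sprites (fixes mgba.io/i/1647)
  - GBA Video: Fix OpenGL sprite flag priority
 Other fixes:
  - Core: Fix race condition initializing thread proxy
+ - Core: Fix integer overflow in ELF loading
  - Qt: Only dynamically reset video scale if a game is running
  - Qt: Fix race condition with proxied video events
  - Qt: Fix color selection in asset view (fixes mgba.io/i/1648)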
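--- a/src/core/core.c
+++ b/src/core/core.c
@@ -370,7 +370,7 @@ size_t bsize, esize;
 Elf32_Phdr* phdr = ELFProgramHeadersGetPointer(&ph, i);
 void* block = mCoreGetMemoryBlock(core, phdr->p_paddr, &bsize);
 char* bytes = ELFBytes(elf, &esize);
-if (block && bsize >= phdr->p_filesz && esize >= phdr->p_filesz + phdr->p_offset) {
+if (block && bsize >= phdr->p_filesz && bsize > phdr->p_offset && esize >= phdr->p_filesz + phdr->p_offset) {
 memcpy(block, &bytes[phdr->p_offset], phdr->p_filesz);
 } else {
 return false;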
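Review bot: The new `bsize > phdr->p_offset` term compares the size of the destination memory block with an offset into the ELF image, two unrelated quantities, so the condition does not show why it stops the wraparound in `phdr->p_filesz + phdr->p_offset`; it appears to work only because the memory blocks handed out by mCoreGetMemoryBlock are far smaller than 4 GiB, which nothing in the hunk states. Both fields are 32-bit unsigned in the ELF32 program header, so their sum can wrap to a small value and satisfy the `esize >=` test while `bytes[phdr->p_offset]` lies past the end of the image; the direct check bounds the offset against the image size and then subtracts instead of adding: `esize >= phdr->p_offset && esize - phdr->p_offset >= phdr->p_filesz`. If the bsize comparison is kept instead, a comment such as `// bsize bounds p_offset so p_filesz + p_offset cannot wrap in 32 bits` would make the intent visible to the next reader. The enclosing loop and function begin and end outside the hunk.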