GBA: Disable more checks when loading GS save with checks disabled (fixes #1851)
Vicki Pfau vi@endrift.com
Wed, 12 Aug 2020 00:34:11 -0700
2 files changed,
3 insertions(+),
2 deletions(-)
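--- a/CHANGES
+++ b/CHANGES
@@ -39,6 +39,7 @@ - Core: Fix reported ROM size when a fixed buffer size is used
  - Debugger: Don't skip undefined instructions when debugger attached
  - FFmpeg: Fix some small memory leaks
  - FFmpeg: Fix encoding of time base
+ - GBA: Disable more checks when loading GS save with checks disabled (fixes mgba.io/i/1851)
  - Qt: Force OpenGL paint engine creation thread (fixes mgba.io/i/1642)
  - Qt: Fix static compilation in MinGW (fixes mgba.io/i/1769)
  - Qt: Fix a race condition in the frame inspector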
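--- a/src/gba/sharkport.c
+++ b/src/gba/sharkport.c
@@ -69,7 +69,7 @@ if (vf->read(vf, &buffer.i, 4) < 4) {
  return false;
  }
  LOAD_32(size, 0, &buffer.i);
- if (size < 0x1C || size > SIZE_CART_FLASH1M + 0x1C) {
+ if (size < 0x1C || size >= SIZE_CART_FLASH1M + 0x1C) {
  return false;
  }
  char* payload = malloc(size);
@@ -91,7 +91,7 @@ buffer.c[0x18] = 0;
  buffer.c[0x19] = 0;
  buffer.c[0x1A] = 0;
  buffer.c[0x1B] = 0;
- if (memcmp(buffer.c, payload, 0x1C) != 0) {
+ if (memcmp(buffer.c, payload, testChecksum ? 0x1C : 0xF) != 0) {
  goto cleanup;
  }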
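Review bot: In the second hunk the relaxed comparison length `0xF` is an unexplained magic number, and it covers only 15 bytes, so with `testChecksum` false the rest of the 0x1C-byte header is never compared against the expected values in `buffer.c`. If the intent is to match only a title prefix, confirm that 15 rather than 16 bytes is deliberate and record it next to the call, for example `/* Checks disabled: compare only the first 0xF header bytes (see #1851) */`, or give both lengths named constants. The first hunk's switch to `>=` lowers the largest accepted payload by one byte without comment; because `size` is read from the save file and feeds `malloc(size)`, the exact permitted maximum is worth stating beside that check. The enclosing function begins and ends outside both hunks, so whether the `malloc` result is checked before use cannot be seen here.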