
mGBA Game Boy Advance Emulator

Core: Enforce max mVL block size
Vicki Pfau vi@endrift.com
Mon, 24 Apr 2017 14:01:14 -0700
commit

6a14c30e3bbf5f665eeab5d54723ddc6690d2978

parent

909886d2e14f3ca429958fb2cf78edf7980044dd

1 files changed, 7 insertions(+), 0 deletions(-)

M src/feature/video-logger.csrc/feature/video-logger.c

@@ -22,6 +22,7 @@ #include <zlib.h>

#endif
#define BUFFER_BASE_SIZE 0x20000
+#define MAX_BLOCK_SIZE 0x800000
const char mVL_MAGIC[] = "mVL\0";

@@ -530,6 +531,12 @@ LOAD_32LE(header->blockType, 0, &buffer.blockType);

LOAD_32LE(header->length, 0, &buffer.length);
LOAD_32LE(header->channelId, 0, &buffer.channelId);
LOAD_32LE(header->flags, 0, &buffer.flags);
+
+ if (header->length > MAX_BLOCK_SIZE) {
+ // Pre-emptively reject blocks that are too big.
+ // If we encounter one, the file is probably corrupted.
+ return false;
+ }
return true;
}
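Review bot: The added `if (header->length > MAX_BLOCK_SIZE)` check rejects only values above the limit, so it is complete only if `header->length` is an unsigned field; its declaration is outside this hunk and the function starts before it. If the field is signed, a length with the top bit set would compare as negative and pass, so it would be safer to define the limit as `#define MAX_BLOCK_SIZE 0x800000U` in the first hunk, which forces an unsigned comparison. The length is read straight from the file header, so the comment could also say what the cap protects, for example `// length is file-controlled; cap it at MAX_BLOCK_SIZE (8 MiB) before it is used to size a read`. That wording assumes the length sizes a later read or allocation, which is not visible here and should be confirmed.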