GBA: Fix memory leak when deserializing invalid savestate tags
Jeffrey Pfau jeffrey@endrift.com
Tue, 29 Dec 2015 16:57:43 -0500
1 files changed,
1 insertions(+),
1 deletions(-)
M
src/gba/serialize.c
→
src/gba/serialize.c
@@ -285,7 +285,7 @@ uint32_t tag;
 LOAD_32(tag, 0, chunk->data);
 LOAD_32(item.size, sizeof(uint32_t), chunk->data);
 uLongf len = item.size;
- if (item.size < 0) {
+ if (item.size < 0 || tag == EXTDATA_NONE || tag >= EXTDATA_MAX) {
 return 0;
 }
 item.data = malloc(item.size);
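Review bot: The widened guard on the `if` line rejects bad tags and negative sizes, but any non-negative `item.size` read from the savestate chunk still flows straight into `malloc(item.size)`. A corrupt or crafted savestate can therefore request an arbitrarily large allocation. I would add an upper bound to the same condition, for example `item.size > EXTDATA_SIZE_LIMIT` (placeholder name, set to the largest legitimate extdata payload). The result of `malloc` should also be checked for NULL before `item.data` is written to, unless that already happens below the hunk; the enclosing function starts and ends outside the visible lines, so this is not confirmed here.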