Core: Fix integer overflow in ELF loading
Vicki Pfau vi@endrift.com
Sat, 01 Feb 2020 20:49:43 -0800
2 files changed,
2 insertions(+),
1 deletions(-)
CHANGES
CHANGES
@@ -17,6 +17,7 @@ - GBA Video: Fix OpenGL sprite flag priority
Other fixes: - Core: Fix race condition initializing thread proxy - Core: Ensure ELF regions can be written before trying + - Core: Fix integer overflow in ELF loading - Qt: Only dynamically reset video scale if a game is running - Qt: Fix race condition with proxied video events - Qt: Force OpenGL paint engine creation thread (fixes mgba.io/i/1642)
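--- a/src/core/core.c
+++ b/src/core/core.c
@@ -377,7 +377,7 @@ size_t bsize, esize;
 Elf32_Phdr* phdr = ELFProgramHeadersGetPointer(&ph, i);
 void* block = mCoreGetMemoryBlockMasked(core, phdr->p_paddr, &bsize, mCORE_MEMORY_WRITE | mCORE_MEMORY_WORM);
 char* bytes = ELFBytes(elf, &esize);
-if (block && bsize >= phdr->p_filesz && esize >= phdr->p_filesz + phdr->p_offset) {
+if (block && bsize >= phdr->p_filesz && bsize > phdr->p_offset && esize >= phdr->p_filesz + phdr->p_offset) {
 memcpy(block, &bytes[phdr->p_offset], phdr->p_filesz);
 } else {
 return false;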
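Review bot: The term added on the `+` line, `bsize > phdr->p_offset`, bounds the ELF file offset by the size of the destination memory block, which is an unrelated quantity; the sum `phdr->p_filesz + phdr->p_offset` on the same line can still wrap in 32-bit arithmetic (the Elf32 header fields are 32-bit) before it is widened for the comparison with `esize`, and the new term only rules that out indirectly, as long as `bsize` stays below 2^31. A direct, overflow-free form of the source-range check is `phdr->p_offset <= esize && phdr->p_filesz <= esize - phdr->p_offset`, which states the intent without depending on `bsize`. I would also put a one-line comment above the condition naming the invariant, `// p_offset + p_filesz must lie within the ELF image; check by subtraction so the 32-bit fields cannot wrap`. The enclosing function starts and ends outside the hunk, so I cannot see how `i` iterates or confirm that `esize` is the full image length.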