Fix potential overflow in huffman decoding
Jeffrey Pfau jeffrey@endrift.com
Sat, 25 Oct 2014 06:05:00 -0700
1 files changed,
1 insertions(+),
1 deletions(-)
M
src/gba/gba-bios.c
→
src/gba/gba-bios.c
@@ -319,7 +319,7 @@ node = cpu->memory.load8(cpu, nPointer, 0);
while (remaining > 0) {
 uint32_t bitstream = cpu->memory.load32(cpu, sPointer, 0);
 sPointer += 4;
- for (bitsRemaining = 32; bitsRemaining > 0; --bitsRemaining, bitstream <<= 1) {
+ for (bitsRemaining = 32; bitsRemaining > 0 && remaining > 0; --bitsRemaining, bitstream <<= 1) {
 uint32_t next = (nPointer & ~1) + HuffmanNodeGetOffset(node) * 2 + 2;
 if (bitstream & 0x80000000) {
 // Go right
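Review bot: The added `remaining > 0` test in the inner `for` condition is the whole fix, but nothing on the line says why it is needed, and whether it is sufficient depends on code outside the hunk. I would add a comment above the loop such as `// Stop mid-word once the declared output length is reached; the rest of this 32-bit word is padding`, so a later cleanup does not drop the test as redundant with the outer `while`. The declaration and the decrement of `remaining` are not visible here. If it is unsigned, or is decremented in steps larger than what is left, it could wrap past zero and `> 0` would not stop the loop, so please confirm that it is signed or clamped, since the length presumably comes from guest-supplied header data. The loop body continues past the end of the hunk.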