From aa43e7c0db0fda0c388d9a5a11c4eeaac31655b1 Mon Sep 17 00:00:00 2001
From: Aaron Culliney
Date: Sun, 30 Mar 2014 13:17:47 -0700
Subject: [PATCH] Fixes for bsave/bload * Warn/abort for overflows
---
src/meta/debug.l | 60 ++++++++++++++++++++++++----------------------
src/meta/debugger.c | 7 +++++-
2 files changed, 38 insertions(+), 29 deletions(-)
diff --git a/src/meta/debug.l b/src/meta/debug.l
index c0ab3d94..1eac0fc3 100644
--- a/src/meta/debug.l
+++ b/src/meta/debug.l
@@ -439,31 +439,30 @@ ADDRS [0-9a-fA-F]+
/* bload */
FILE *fp = NULL;
char *ptr = NULL;
- char name[128];
- int len = -1;
+ char buf[DEBUG_BUFSZ];
while (!isspace(*debugtext)) ++debugtext;
while (isspace(*debugtext)) ++debugtext;
ptr = debugtext;
while (!isspace(*debugtext)) ++debugtext;
- len = debugtext-ptr;
+ int len = MIN(debugtext-ptr, DEBUG_BUFSZ-1);
/* filename */
- strncpy(name, ptr, len);
- name[len] = '\0';
+ strncpy(buf, ptr, len);
+ buf[len] = '\0';
/* bload addr */
while (isspace(*debugtext)) ++debugtext;
arg1 = strtol(debugtext, (char**)NULL, 16);
- fp = fopen(name, "r");
+ fp = fopen(buf, "r");
if (fp == NULL) {
- sprintf(second_buf[num_buffer_lines++], "problem: %s", name);
- perror(name);
+ perror(buf);
+ sprintf(second_buf[num_buffer_lines++], "problem: %s", buf);
return BLOAD;
}
- bload(fp, name, arg1);
+ bload(fp, buf, arg1);
fclose(fp);
return BLOAD;
}
@@ -876,7 +875,7 @@ ADDRS [0-9a-fA-F]+
/* save memory dump to file */
FILE *fp = NULL;
char *ptr = NULL;
- int len, start, len2, bank;
+ char buf[DEBUG_BUFSZ];
while (!isspace(*debugtext)) ++debugtext;
while (isspace(*debugtext)) ++debugtext;
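Review bot: A filename longer than DEBUG_BUFSZ-1 is silently truncated by `int len = MIN(debugtext-ptr, DEBUG_BUFSZ-1);` and the shortened path is then handed to fopen, so an over-long path quietly loads from (or reports on) a different file than the one typed; refusing it is safer: `if (debugtext-ptr >= DEBUG_BUFSZ) { sprintf(second_buf[num_buffer_lines++], "problem: filename too long"); return BLOAD; }`. That length is only as trustworthy as the scan that produces it, and `while (!isspace(*debugtext)) ++debugtext;` has no NUL check, so a command that ends right after the name with no trailing whitespace walks past the end of debugtext — pre-existing, but worth a `*debugtext &&` guard while this code is being touched. The `strncpy` here is correct only because `buf[len] = '\0'` follows it; `snprintf(buf, sizeof buf, "%.*s", len, ptr)` would make the termination self-evident. The lex action this code belongs to starts before the hunk.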
@@ -884,35 +883,40 @@ ADDRS [0-9a-fA-F]+
/* copy file name */
ptr = debugtext;
while (!isspace(*debugtext)) ++debugtext;
- len = debugtext - ptr;
- strncpy(temp, ptr, len);
- temp[len] = '\0';
+ int len = MIN(debugtext - ptr, TEMPSIZE-1);
+ strncpy(buf, ptr, len);
+ buf[len] = '\0';
/* get bank info */
while (*debugtext != '/') ++debugtext;
++debugtext;
- bank = strtol(debugtext, &debugtext, 10);
+ int bank = strtol(debugtext, &debugtext, 10);
++debugtext;
- /* extract start and len */
- start = strtol(debugtext, &debugtext, 16);
- len2 = strtol(debugtext, &debugtext, 16);
+ /* extract addrs and len */
+ unsigned int addrs = strtol(debugtext, &debugtext, 16);
+ while (isspace(*debugtext)) ++debugtext;
+ len = strtol(debugtext, &debugtext, 16);
- fp = fopen(temp, "w"); /* try to open file for writing */
+ if (addrs+len > 0x10000) {
+ sprintf(second_buf[num_buffer_lines++], "buffer length overflow");
+ return BSAVE;
+ }
+
+ fp = fopen(buf, "w"); /* try to open file for writing */
if (fp == NULL) {
- sprintf(second_buf[num_buffer_lines++], "problem: %s", temp);
- perror(temp);
- return BSAVE;
- }
- len = fwrite(apple_ii_64k[bank]+start, 1, len2, fp);
- if (len < len2) {
- sprintf(second_buf[num_buffer_lines++], "problem: %s", temp);
- perror(temp);
- fclose(fp);
+ perror(buf);
+ sprintf(second_buf[num_buffer_lines++], "problem: %s", buf);
return BSAVE;
}
- sprintf(second_buf[num_buffer_lines++], "bsaved: %s", temp);
+ do {
+ int written = fwrite(apple_ii_64k[bank]+addrs, 1, len, fp);
+ len -= written;
+ addrs += written;
+ } while(len);
+
+ sprintf(second_buf[num_buffer_lines++], "bsaved: %s", buf);
fclose(fp);
return BSAVE;
}
diff --git a/src/meta/debugger.c b/src/meta/debugger.c
index c68a08b5..d8012419 100644
--- a/src/meta/debugger.c
+++ b/src/meta/debugger.c
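Review bot: The new write loop `do { int written = fwrite(...); len -= written; addrs += written; } while(len);` never terminates if fwrite returns 0 (disk full, I/O error, closed stream), because len then stops decreasing — the removed code at least reported the short write, closed the file and returned. The bounds check above it also covers only addrs+len: `int bank` comes straight from strtol and indexes `apple_ii_64k[bank]` with no range check, and a negative `len` (strtol accepts a leading '-') slips past `addrs+len > 0x10000` through unsigned wraparound and then becomes a huge size_t in fwrite, so either one reads outside the emulated memory into the output file. Separately, the filename bound `MIN(debugtext - ptr, TEMPSIZE-1)` no longer matches the buffer it fills, which the previous hunk declares as `char buf[DEBUG_BUFSZ]`; unless TEMPSIZE <= DEBUG_BUFSZ that is a stack overflow, and `DEBUG_BUFSZ-1`, as the bload hunk already uses, removes the question. The first dimension of apple_ii_64k is declared outside this file, so the rewrite below leaves the upper bank bound as a TODO.
```c
int len = MIN(debugtext - ptr, DEBUG_BUFSZ-1);
/* … unchanged: filename copy, bank/addrs/len parsing … */
if (bank < 0 || len < 0 || addrs > 0x10000 || (unsigned int)len > 0x10000 - addrs) {
    /* TODO: also reject bank >= first dimension of apple_ii_64k */
    sprintf(second_buf[num_buffer_lines++], "buffer length overflow");
    return BSAVE;
}
/* … unchanged: fopen and its error path … */
while (len > 0) {
    size_t written = fwrite(apple_ii_64k[bank]+addrs, 1, (size_t)len, fp);
    if (written == 0) {
        perror(buf);
        sprintf(second_buf[num_buffer_lines++], "problem: %s", buf);
        fclose(fp);
        return BSAVE;
    }
    len -= (int)written;
    addrs += (unsigned int)written;
}
```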
@@ -460,7 +460,7 @@ void bload(FILE *f, char *name, int addrs) {
if ((addrs < 0) || (addrs > 0xffff)) {
- sprintf(second_buf[num_buffer_lines++], "invalid address");
+ sprintf(second_buf[num_buffer_lines++], "problem: invalid address");
return;
}
@@ -471,6 +471,11 @@ void bload(FILE *f, char *name, int addrs) {
data = *hexstr;
+ if (addrs+len >= 0x10000) {
+ sprintf(second_buf[num_buffer_lines++], "problem: bload will overflow");
+ return;
+ }
+
/* call the set_memory routine, which knows how to route the request */
cpu65_direct_write(addrs,data);
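Review bot: The new bound `if (addrs+len >= 0x10000)` disagrees with the bsave check in debug.l, which uses `> 0x10000`; if len here is the count of bytes still to be written starting at addrs, a load whose last byte lands exactly on 0xFFFF is wrongly refused and `if (addrs+len > 0x10000) {` is the matching form — the loop that advances addrs and len starts before this hunk, so this needs confirming against it. Because the check sits inside the per-byte loop, by the time it fires every earlier byte has already gone through `cpu65_direct_write`, leaving emulated memory partially overwritten with no indication of how much; validating the total once before the loop, or at least reporting the count written in the message, would avoid the silent half-load. Whichever boundary is right, the two overflow checks added by this commit should agree on inclusive versus exclusive.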