From 576912dd55689c73a2cfb20a5b71eaadc97ab647 Mon Sep 17 00:00:00 2001
From: Maxim Poliakovski <maximumspatium@googlemail.com>
Date: Tue, 3 Oct 2023 00:42:03 +0200
Subject: [PATCH] displayid: prevent reading past EDID data.

---
 devices/video/displayid.cpp | 11 ++++++++---
 devices/video/displayid.h   | 21 +++++++++++----------
 2 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/devices/video/displayid.cpp b/devices/video/displayid.cpp
index 58c9acb..f9e9d54 100644
--- a/devices/video/displayid.cpp
+++ b/devices/video/displayid.cpp
@@ -1,6 +1,6 @@
 /*
 DingusPPC - The Experimental PowerPC Macintosh emulator
-Copyright (C) 2018-21 divingkatae and maximum
+Copyright (C) 2018-23 divingkatae and maximum
                       (theweirdo)     spatium
 
 (Contact divingkatae#1017 or powermax#2286 on Discord for more info)
@@ -75,6 +75,7 @@ DisplayID::DisplayID()
     this->last_sda   = 1;
     this->last_scl   = 1;
     this->data_ptr   = 0;
+    this->data_pos   = 0;
 }
 
 DisplayID::DisplayID(uint8_t std_code, uint8_t ext_code)
@@ -181,7 +182,8 @@ uint8_t DisplayID::update_ddc_i2c(uint8_t sda, uint8_t scl)
             if (this->dev_addr & 1) {
                 this->next_state = I2CState::DATA;
                 this->data_ptr   = this->edid;
-                this->byte       = *(this->data_ptr++);
+                this->data_pos   = 0;
+                this->byte       = this->data_ptr[this->data_pos++];
             } else {
                 this->next_state = I2CState::REG_ADDR;
             }
@@ -200,7 +202,10 @@ uint8_t DisplayID::update_ddc_i2c(uint8_t sda, uint8_t scl)
             if (dev_addr & 1) {
                 if (!sda) {
                     /* load next data byte */
-                    this->byte = *(this->data_ptr++);
+                    if (data_pos < 128)
+                        this->byte = this->data_ptr[this->data_pos++];
+                    else
+                        this->byte = 0;
                 } else {
                     LOG_F(ERROR, "DDC-I2C: Oops! NACK received");
                 }
diff --git a/devices/video/displayid.h b/devices/video/displayid.h
index e710ed3..de395fb 100644
--- a/devices/video/displayid.h
+++ b/devices/video/displayid.h
@@ -1,6 +1,6 @@
 /*
 DingusPPC - The Experimental PowerPC Macintosh emulator
-Copyright (C) 2018-21 divingkatae and maximum
+Copyright (C) 2018-23 divingkatae and maximum
                       (theweirdo)     spatium
 
 (Contact divingkatae#1017 or powermax#2286 on Discord for more info)
@@ -72,15 +72,16 @@ private:
     uint8_t ext_sense_code;
 
     /* DDC I2C variables. */
-    uint8_t next_state;
-    uint8_t prev_state;
-    uint8_t last_sda;
-    uint8_t last_scl;
-    int bit_count;     /* number of bits processed so far */
-    uint8_t byte;      /* byte value being currently transferred */
-    uint8_t dev_addr;  /* current device address */
-    uint8_t reg_addr;  /* current register address */
-    uint8_t* data_ptr; /* ptr to data byte to be transferred next */
+    uint8_t     next_state;
+    uint8_t     prev_state;
+    uint8_t     last_sda;
+    uint8_t     last_scl;
+    uint8_t     byte;       // byte value being currently transferred
+    uint8_t     dev_addr;   // current device address
+    uint8_t     reg_addr;   // current register address
+    uint8_t*    data_ptr;   // ptr to data byte to be transferred next
+    int         bit_count;  // number of bits processed so far
+    int         data_pos;   // current position in the data buffer
 
 /*
     uint8_t edid[128] = {