valter/dosbox-staging
1
0
Fork 0
Code Releases Activity

Avoid buffer underflow by copying all fields

Browse source 
This code made silent assumption that first fields in direntry are
exactly 14 bytes - this was fine, except would break as soon as anyone
would touch the struct (or e.g. if a compiler would lack support for
packed structures and inject some padding in there); rewrite the copy
code to follow the same pattern as other fields - now the code will be
fine even if someone will change fields in the direntry struct.

Fixes 2 PVS static analysis issues (buffer underflow on src and dst).
This commit is contained in:
Patryk Obara 2020-02-23 00:41:33 +01:00
parent 6011c016c5
commit c619445003
2 changed files with 16 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
include/mem.h
View file

@ -127,6 +127,10 @@ static INLINE void host_writed(HostPt off,Bit32u val) {
//
// __builtin_bswap* is supported since GCC 4.3 and Clang 3.4
constexpr static INLINE uint8_t host_to_le(uint8_t val) {
return val;
}
#if defined(WORDS_BIGENDIAN)
constexpr static INLINE int16_t host_to_le(int16_t val) {

21
src/dos/drive_fat.cpp
View file

@ -1098,15 +1098,18 @@ char* trimString(char* str, const size_t max_len) {
}
static void copyDirEntry(const direntry *src, direntry *dst) {
memcpy(dst, src, 14); // single byte fields
dst->crtTime = host_to_le(src->crtTime);
dst->crtDate = host_to_le(src->crtDate);
dst->accessDate = host_to_le(src->accessDate);
dst->hiFirstClust = host_to_le(src->hiFirstClust);
dst->modTime = host_to_le(src->modTime);
dst->modDate = host_to_le(src->modDate);
dst->loFirstClust = host_to_le(src->loFirstClust);
dst->entrysize = host_to_le(src->entrysize);
memcpy(dst->entryname, src->entryname, sizeof(src->entryname));
dst->attrib = host_to_le(src->attrib);
dst->NTRes = host_to_le(src->NTRes);
dst->milliSecondStamp = host_to_le(src->milliSecondStamp);
dst->crtTime = host_to_le(src->crtTime);
dst->crtDate = host_to_le(src->crtDate);
dst->accessDate = host_to_le(src->accessDate);
dst->hiFirstClust = host_to_le(src->hiFirstClust);
dst->modTime = host_to_le(src->modTime);
dst->modDate = host_to_le(src->modDate);
dst->loFirstClust = host_to_le(src->loFirstClust);
dst->entrysize = host_to_le(src->entrysize);
}
bool fatDrive::FindNextInternal(Bit32u dirClustNumber, DOS_DTA &dta, direntry *foundEntry) {