From c6f68033c5d5b81c720aeffff72d9296352e08dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Strohh=C3=A4cker?=
 <c2woody@users.sourceforge.net>
Date: Fri, 29 Jul 2005 19:57:58 +0000
Subject: [PATCH] check validity of MCBs on resize and free memory functions

Imported-from: https://svn.code.sf.net/p/dosbox/code-0/dosbox/trunk@2252
---
 src/dos/dos_memory.cpp | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/dos/dos_memory.cpp b/src/dos/dos_memory.cpp
index 8ffc6926..17c30af7 100644
--- a/src/dos/dos_memory.cpp
+++ b/src/dos/dos_memory.cpp
@@ -134,8 +134,17 @@ bool DOS_AllocateMemory(Bit16u * segment,Bit16u * blocks) {
 
 
 bool DOS_ResizeMemory(Bit16u segment,Bit16u * blocks) {
-	DOS_CompressMemory();
+	if (segment < MEM_START+1) {
+		LOG(LOG_DOSMISC,LOG_ERROR)("Program resizes %X, take care",segment);
+	}
+      
 	DOS_MCB mcb(segment-1);
+	if ((mcb.GetType()!=0x4d) && (mcb.GetType()!=0x5a)) {
+		DOS_SetError(DOSERR_MCB_DESTROYED);
+		return false;
+	}
+
+	DOS_CompressMemory();
 	Bit16u total=mcb.GetSize();
 	DOS_MCB	mcb_next(segment+total);
 	if (*blocks<=total) {
@@ -188,12 +197,17 @@ bool DOS_ResizeMemory(Bit16u segment,Bit16u * blocks) {
 
 bool DOS_FreeMemory(Bit16u segment) {
 //TODO Check if allowed to free this segment
-	if ((segment-1) < MEM_START){
+	if (segment < MEM_START+1) {
 		LOG(LOG_DOSMISC,LOG_ERROR)("Program tried to free %X ---ERROR",segment);
+		DOS_SetError(DOSERR_MB_ADDRESS_INVALID);
 		return false;
 	}
       
 	DOS_MCB mcb(segment-1);
+	if ((mcb.GetType()!=0x4d) && (mcb.GetType()!=0x5a)) {
+		DOS_SetError(DOSERR_MB_ADDRESS_INVALID);
+		return false;
+	}
 	mcb.SetPSPSeg(MCB_FREE);
 	DOS_CompressMemory();
 	return true;