mirror/86Box-bios-tools
1
0
Fork 0
mirror of https://github.com/86Box/bios-tools.git synced 2026-02-22 09:35:33 -07:00
Code Issues Packages Projects Releases Wiki Activity

bios_extract: Fix Phoenix-related segfaults

Browse Source
This commit is contained in:
RichardG867
2022-04-13 11:26:28 -03:00
parent b1d6c79225
commit cd3f22ecdd
2 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bios_extract/src/lh5_extract.c
View File

@@ -543,7 +543,7 @@ LH5Decode(unsigned char *PackedBuffer, int PackedBufferSize,
if (offset > n)
return -1;
for (i = 0; i < length; i++) {
for (i = 0; (i < length) && (n < OutputBufferSize); i++) {
OutputBuffer[n] = OutputBuffer[n - offset];
n++;
}

7
bios_extract/src/phoenix.c
View File

@@ -317,7 +317,7 @@ static int PhoenixModule(unsigned char *BIOSImage, int BIOSLength, int Offset)
unsigned char *Buffer;
unsigned char *ModuleData;
uint32_t Packed;
int fd, ExtractResult;
int fd, ExtractResult, Remain;
Module = (struct PhoenixModuleHeader *)(BIOSImage + Offset);
@@ -396,15 +396,16 @@ valid_signature:
FragLength = le32toh(Fragment->FragLength);
printf("(%05X, %d bytes) ", FragOffset, FragLength);
if (Packed + FragLength > le32toh(Module->ExpLen)) {
if ((Packed + FragLength > le32toh(Module->ExpLen)) || ((FragOffset + 9 + FragLength) >= BIOSLength)) {
printf("\nFragment too big at %05X for %05X\n",
FragOffset, Offset);
free(ModuleData);
/* Assume this is an invalid fragment module */
goto BadFragment;
}
Remain = BIOSLength - ((ModuleData + Packed) - BIOSImage);
memcpy(ModuleData + Packed, BIOSImage + FragOffset + 9,
FragLength);
(Remain < FragLength) ? Remain : FragLength);
Packed += FragLength;
FragOffset =
le32toh(Fragment->NextFrag) & (BIOSLength - 1);