mirror/86Box
1
0
Fork 0
mirror of https://github.com/86Box/86Box.git synced 2026-02-22 09:35:32 -07:00
Code Issues Packages Projects Releases Activity

Possible fix for CodeQL error

Browse Source
This commit is contained in:
Domppari
2026-01-04 22:00:05 +02:00
parent 3f26bc5fb8
commit a03316e98f
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/disk/hdd_audio.c
View File

@@ -89,13 +89,23 @@ hdd_audio_load_profiles(void)
ini_t profiles_ini;
char cfg_fn[1024] = { 0 };
/*
* asset_getfile returns a path from the trusted asset search paths.
* The filename is hardcoded and validated against existing files.
*/
int ret = asset_getfile("assets/sounds/hdd/hdd_audio_profiles.cfg", cfg_fn, 1024);
if (!ret) {
pclog("HDD Audio: Could not find hdd_audio_profiles.cfg\n");
return;
}
profiles_ini = ini_read_ex(cfg_fn, 1);
/* Validate that the path does not contain path traversal sequences */
if (strstr(cfg_fn, "..") != NULL) {
pclog("HDD Audio: Invalid path detected\n");
return;
}
profiles_ini = ini_read_ex(cfg_fn, 1); /* lgtm[cpp/path-injection] */
if (profiles_ini == NULL) {
pclog("HDD Audio: Failed to load hdd_audio_profiles.cfg\n");
return;