dan/TIC-80-guile
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

better bounds checking for memcpy, memset

Browse Source
This commit is contained in:
death
2017-10-17 07:00:45 +03:00
parent cd101d429a
commit 48f61d7b80
2 changed files with 8 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/luaapi.c
View File

@@ -759,14 +759,13 @@ static s32 lua_memcpy(lua_State* lua)
s32 dest = getLuaNumber(lua, 1);
s32 src = getLuaNumber(lua, 2);
s32 size = getLuaNumber(lua, 3);
s32 dstBound = sizeof(tic_ram) - size;
s32 srcBound = sizeof(tic_mem) - size;
s32 bound = sizeof(tic_ram) - size;
if(dest < dstBound && src < srcBound)
if(size >= 0 && size <= sizeof(tic_ram) && dest >= 0 && src >= 0 && dest <= bound && src <= bound)
{
u8* base = (u8*)&getLuaMachine(lua)->memory;
memcpy(base + dest, base + src, size);
return 0;
return 0;
}
}
@@ -786,11 +785,11 @@ static s32 lua_memset(lua_State* lua)
s32 size = getLuaNumber(lua, 3);
s32 bound = sizeof(tic_ram) - size;
if(dest < bound)
if(size >= 0 && size <= sizeof(tic_ram) && dest >= 0 && dest <= bound)
{
u8* base = (u8*)&getLuaMachine(lua)->memory;
memset(base + dest, value, size);
return 0;
return 0;
}
}