bitfixer / bf-romulator

Romulator - RAM/ROM replacement and debug for 6502 CPU systems

D1-mini : Buffer Overflow on Reading Long Configuration File Lines #21

Open dennowiggle opened 1 year ago

dennowiggle commented 1 year ago

In function handleCharacterRom() in file "rServer.cpp", a buffer overflow can occur when reading the config file if a line is longer than 128 characters, such as a comment line. This happened to me, resulting in a segmentation fault and crash.

The fix is to limit reads to 128 bytes maximum. At the start of the file, add the following:

`#define MAX_LINE_CHARS 128`

At line 158, change `char line[128];` to `char line[MAX_LINE_CHARS];`

Between lines 215 and 216, add `if (numchars > MAX_LINE_CHARS) numchars = MAX_LINE_CHARS;`

such that the code now looks like this:

```cpp
while (!found) {
    while (*end != '\n' && *end != 0 && end - tableBegin < enableTableLen) {
        end++;
    }

    int numchars = end - start;
    if (numchars > MAX_LINE_CHARS) numchars = MAX_LINE_CHARS;
    strncpy(line, start, numchars);
    line[numchars] = 0;
    // ...
```
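The bounded line copy described in the report, as an added example in C that is not part of the Romulator project's code. It walks a constructed enable_table.csv buffer whose second line is a 132-character comment (the input class that overflowed the fixed `line[128]` buffer) and copies each line into a 128-byte array with the length clamped. One caveat a reviewer would raise: as posted, the check still allows `numchars` to equal `MAX_LINE_CHARS`, so `line[numchars] = 0` writes the terminator at `line[128]`, one byte past a 128-byte array; the example clamps to `dst_size - 1` so the NUL always fits. The names `SAMPLE_TABLE`, `longest_line`, `copy_line_bounded`, `read_table` and `sample_line_len` are the example's own, not identifiers from rServer.cpp.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define MAX_LINE_CHARS 128   /* same fixed line-buffer size as in the report */

/* Constructed sample of an enable_table.csv (not the project's file).
 * The second line is a 132-character comment, longer than MAX_LINE_CHARS,
 * which is the case that overflowed the fixed line[] buffer. */
static const char SAMPLE_TABLE[] =
    "# enable table: start,end,flags\n"
    "# " "0123456789" "0123456789" "0123456789" "0123456789" "0123456789"
         "0123456789" "0123456789" "0123456789" "0123456789" "0123456789"
         "0123456789" "0123456789" "0123456789" "\n"
    "0x8000,0xBFFF,1\n"
    "0xC000,0xFFFF,0";

/* Length of the longest line in buf[0..len): if this exceeds
 * sizeof(line) - 1, an unbounded strncpy(line, start, end - start)
 * followed by line[numchars] = 0 writes past the array. */
size_t longest_line(const char *buf, size_t len)
{
    size_t longest = 0, cur = 0;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == '\n') {
            if (cur > longest) longest = cur;
            cur = 0;
        } else {
            cur++;
        }
    }
    return cur > longest ? cur : longest;
}

/* Copy the line starting at *cursor (up to '\n' or buf_end) into
 * dst[dst_size], truncating so that the terminating NUL always fits:
 * at most dst_size - 1 payload bytes are stored. Advances *cursor past
 * the line's newline. Returns the number of payload bytes stored. */
size_t copy_line_bounded(const char **cursor, const char *buf_end,
                         char *dst, size_t dst_size)
{
    const char *start = *cursor;
    const char *end = start;

    if (dst_size == 0) return 0;

    while (end < buf_end && *end != '\n')
        end++;

    size_t numchars = (size_t)(end - start);
    if (numchars > dst_size - 1)          /* clamp, leaving room for the NUL */
        numchars = dst_size - 1;
    memcpy(dst, start, numchars);
    dst[numchars] = '\0';

    *cursor = (end < buf_end) ? end + 1 : end;   /* step over the '\n' */
    return numchars;
}

/* Walk a whole table with a fixed MAX_LINE_CHARS buffer, as the config
 * reader does; returns the number of lines visited. */
int read_table(const char *buf, size_t len)
{
    char line[MAX_LINE_CHARS];
    const char *cursor = buf;
    const char *buf_end = buf + len;
    int lines = 0;

    while (cursor < buf_end) {
        copy_line_bounded(&cursor, buf_end, line, sizeof line);
        lines++;
    }
    return lines;
}

/* strlen() of line `index` of SAMPLE_TABLE after bounded copying into a
 * MAX_LINE_CHARS buffer; the over-long comment comes back as 127 chars. */
size_t sample_line_len(size_t index)
{
    char line[MAX_LINE_CHARS];
    const char *cursor = SAMPLE_TABLE;
    const char *buf_end = SAMPLE_TABLE + strlen(SAMPLE_TABLE);

    line[0] = '\0';
    for (size_t i = 0; i <= index && cursor < buf_end; i++)
        copy_line_bounded(&cursor, buf_end, line, sizeof line);
    return strlen(line);
}

int main(void)
{
    size_t len = strlen(SAMPLE_TABLE);
    printf("longest line: %zu bytes (buffer holds %d)\n",
           longest_line(SAMPLE_TABLE, len), MAX_LINE_CHARS - 1);
    printf("lines read: %d\n", read_table(SAMPLE_TABLE, len));
    for (size_t i = 0; i < 4; i++)
        printf("line %zu stored length: %zu\n", i, sample_line_len(i));
    return 0;
}
```

Passing `sizeof line` rather than a separate constant keeps the clamp tied to the actual array, so changing the buffer size later cannot silently reintroduce the overflow. Truncating silently is acceptable for comment lines; for data rows a real reader should also flag a truncated line as a parse error rather than act on a partial entry.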
dennowiggle commented 1 year ago

Right now the config file "enable_table.csv" needs to be manually copied to the data directory of the romulator-programmer-debugger. It would be nice to have the makefile automate this action, if you have the time to implement it.