punesemu / puNES

Qt-based Nintendo Entertaiment System emulator and NSF/NSF2/NSFe Music Player (Linux, FreeBSD, OpenBSD and Windows)
GNU General Public License v2.0
658 stars 42 forks source link

mapper 17, submapper 3 : possible buffer overflow #398

Closed negativeExponent closed 6 months ago

negativeExponent commented 7 months ago

possible buffer-overflow in mapper 17, submapper 3 (there is only one game, that SD gundam 3 thing)

this game sets wram @ 8K. by default extraram is 4096. The game sets trainer load address at $5F00, meaning it will use the extraRAM area, leaving only 256 bytes to copy to destination. but the trainer size is always 512 bytes causing overflow to occur (at least on my fork of fceumm). was the data suppose to overflow into the wram address (although the remaining 128 bytes only contains $00)? not sure if you considered this and already padded your pointer destinations or was it a compiler option that has memcpy ignore the overflow area. Although your emu does not appear to cause issue, it may still be a possible problem.

punesemu commented 6 months ago

As always, thank you very much for the report, I will check if I have the same problem.

punesemu commented 6 months ago

I already handled this eventuality, thanks anyway for the warning.