Previous 199869 Revisions Next

r25349 Monday 16th September, 2013 at 15:15:57 UTC by Oliver Stöneberg
fixed unnecessary checks of unsigned variable and endless loop/array out-of-bounds access in src/mess/tools/imgtool/modules/bml3.c (nw)
[src/mess/tools/imgtool/modules]bml3.c

trunk/src/mess/tools/imgtool/modules/bml3.c
r25348r25349
394394         ferr = read_granule(img, granule_list->granules[granule_list->granule_count-1], info->sector_size * (granule_list->last_granule_sectors - 1), info->sector_size, buf);
395395         if (ferr)
396396            return imgtool_floppy_error(ferr);
397         for (last_sector_bytes = info->sector_size - 1; last_sector_bytes >= 0; last_sector_bytes--) {
397         for (last_sector_bytes = info->sector_size - 1; ; last_sector_bytes--) {
398398            if (buf[last_sector_bytes] != 0)
399399               break;
400            if (last_sector_bytes == 0)
401               break;
400402         }
401403         if (buf[last_sector_bytes] != 0x1a) {
402404            last_sector_bytes++;
r25348r25349
409411   }
410412
411413   // TODO is it valid for last_sector_bytes == 0?
412   if (last_sector_bytes < 0 || last_sector_bytes > info->sector_size) {
414   if (last_sector_bytes > info->sector_size) {
413415      return IMGTOOLERR_CORRUPTIMAGE;
414416   }
415417   *size += last_sector_bytes;

Previous 199869 Revisions Next

© 1997-2024 The MAME Team