fixes for memory leaks and out of bounds memory access found by ASAN or gcc -flto

author kub <derkub@gmail.com>

Sat, 12 Dec 2020 13:57:56 +0000 (14:57 +0100)

committer kub <derkub@gmail.com>

Sat, 12 Dec 2020 13:57:56 +0000 (14:57 +0100)
author kub <derkub@gmail.com>
Sat, 12 Dec 2020 13:57:56 +0000 (14:57 +0100)
committer kub <derkub@gmail.com>
Sat, 12 Dec 2020 13:57:56 +0000 (14:57 +0100)
diff --git a/cpu/cz80/cz80.c b/cpu/cz80/cz80.c

index 51abc40..1a3a676 100644 (file)
--- a/cpu/cz80/cz80.c
+++ b/cpu/cz80/cz80.c
@@ -107,7 +107,7 @@ void Cz80_Init(cz80_struc *CPU)
  \r
         for (i = 0; i < CZ80_FETCH_BANK; i++)\r
         {\r
-               CPU->Fetch[i] = (FPTR)cz80_bad_address;\r
+               CPU->Fetch[i] = (FPTR)cz80_bad_address - (i << CZ80_FETCH_SFT);\r
  #if CZ80_ENCRYPTED_ROM\r
                 CPU->OPFetch[i] = 0;\r
  #endif\r
diff --git a/cpu/sh2/compiler.c b/cpu/sh2/compiler.c

index 4ab4204..38e9122 100644 (file)
--- a/cpu/sh2/compiler.c
+++ b/cpu/sh2/compiler.c
@@ -5932,6 +5932,11 @@ void sh2_drc_finish(SH2 *sh2)
        free(hash_tables[i]);
        hash_tables[i] = NULL;
      }
+
+    if (unresolved_links[i] != NULL) {
+      free(unresolved_links[i]);
+      unresolved_links[i] = NULL;
+    }
    }
  
    if (block_list_pool != NULL)
diff --git a/pico/cd/cdd.c b/pico/cd/cdd.c

index 66f370d..81bc23b 100644 (file)
--- a/pico/cd/cdd.c
+++ b/pico/cd/cdd.c
@@ -941,6 +941,7 @@ void cdd_process(void)
          case 0x01:  /* Current Track Relative Time (MM:SS:FF) */
          {
            int lba = cdd.lba - cdd.toc.tracks[cdd.index].start;
+          if (lba < 0) lba = 0;
            set_reg16(0x38, (cdd.status << 8) | 0x01);
            set_reg16(0x3a, lut_BCD_16[(lba/75)/60]);
            set_reg16(0x3c, lut_BCD_16[(lba/75)%60]);
diff --git a/pico/cd/cue.c b/pico/cd/cue.c

index bf52124..e8174ce 100644 (file)
--- a/pico/cd/cue.c
+++ b/pico/cd/cue.c
@@ -71,11 +71,11 @@ static int get_ext(const char *fname, char ext[4],
  {
         int len, pos = 0;
         
-       len = strlen(fname);
-       if (len >= 3)
-               pos = len - 3;
+       len = strrchr(fname, '.') - fname;
+       if (len > 0)
+               pos = len;
  
-       strcpy(ext, fname + pos);
+       strcpy(ext, fname + pos + 1);
  
         if (base != NULL) {
                 if (pos + 1 < base_size)
@@ -153,9 +153,8 @@ cue_data_t *cue_parse(const char *fname)
  
         // the basename of cuefile, no path
         snprintf(cue_base, sizeof(cue_base), "%s", current_filep);
-       p = cue_base + strlen(cue_base);
-       if (p - 3 >= cue_base)
-               p[-3] = 0;
+       p = strrchr(cue_base, '.');
+       if (p)  p[1] = '\0';
  
         data = calloc(1, sizeof(*data) + count_alloc * sizeof(cue_track));
         if (data == NULL)
diff --git a/pico/misc.c b/pico/misc.c

index cf09688..269ada3 100644 (file)
--- a/pico/misc.c
+++ b/pico/misc.c
@@ -196,8 +196,15 @@ PICO_INTERNAL_ASM void memset32(void *dest_in, int c, int count)
                 dest[0] = dest[1] = dest[2] = dest[3] =\r
                 dest[4] = dest[5] = dest[6] = dest[7] = c;\r
  \r
-       while (count--)\r
-               *dest++ = c;\r
+       switch (count) {\r
+               case 7: *dest++ = c;\r
+               case 6: *dest++ = c;\r
+               case 5: *dest++ = c;\r
+               case 4: *dest++ = c;\r
+               case 3: *dest++ = c;\r
+               case 2: *dest++ = c;\r
+               case 1: *dest++ = c;\r
+       }\r
  }\r
  void memset32_uncached(int *dest, int c, int count) { memset32(dest, c, count); }\r
  #endif\r
diff --git a/pico/sound/ym2612.c b/pico/sound/ym2612.c

index 622fff0..1e8680a 100644 (file)
--- a/pico/sound/ym2612.c
+++ b/pico/sound/ym2612.c
@@ -1470,6 +1470,8 @@ static void reset_channels(FM_CH *CH)
                         CH[c].SLOT[s].Incr = -1;\r
                         CH[c].SLOT[s].key = 0;\r
                         CH[c].SLOT[s].phase = 0;\r
+                       CH[c].SLOT[s].ar = CH[c].SLOT[s].ksr = 0;\r
+                       CH[c].SLOT[s].ar_ksr = 0;\r
                         CH[c].SLOT[s].ssg = CH[c].SLOT[s].ssgn = 0;\r
                         CH[c].SLOT[s].state= EG_OFF;\r
                         CH[c].SLOT[s].volume = MAX_ATT_INDEX;\r
diff --git a/pico/state.c b/pico/state.c

index 3185300..60cbdcc 100644 (file)
--- a/pico/state.c
+++ b/pico/state.c
@@ -783,6 +783,7 @@ void PicoTmpStateRestore(void *data)
      Pico32x.dirty_pal = 1;\r
    }\r
  #endif\r
+  free(t);\r
  }\r
  \r
  // vim:shiftwidth=2:ts=2:expandtab\r
diff --git a/platform/common/emu.c b/platform/common/emu.c

index e2186b0..35cb835 100644 (file)
--- a/platform/common/emu.c
+++ b/platform/common/emu.c
@@ -131,8 +131,8 @@ static void fname_ext(char *dst, int dstlen, const char *prefix, const char *ext
         strncpy(dst + prefix_len, p, dstlen - prefix_len - 1);\r
  \r
         dst[dstlen - 8] = 0;\r
-       if (dst[strlen(dst) - 4] == '.')\r
-               dst[strlen(dst) - 4] = 0;\r
+       if ((p = strrchr(dst, '.')) != NULL)\r
+               dst[p-dst] = 0;\r
         if (ext)\r
                 strcat(dst, ext);\r
  }\r
author	kub <derkub@gmail.com>
	Sat, 12 Dec 2020 13:57:56 +0000 (14:57 +0100)
committer	kub <derkub@gmail.com>
	Sat, 12 Dec 2020 13:57:56 +0000 (14:57 +0100)
cpu/cz80/cz80.c		patch \| blob \| blame \| history
cpu/sh2/compiler.c		patch \| blob \| blame \| history
pico/cd/cdd.c		patch \| blob \| blame \| history
pico/cd/cue.c		patch \| blob \| blame \| history
pico/misc.c		patch \| blob \| blame \| history
pico/sound/ym2612.c		patch \| blob \| blame \| history
pico/state.c		patch \| blob \| blame \| history
platform/common/emu.c		patch \| blob \| blame \| history