From a20300bf1e863233e9044b1e6cba5a2ace85c05b Mon Sep 17 00:00:00 2001
From: kub
Date: Sat, 12 Dec 2020 14:57:56 +0100
Subject: [PATCH] fixes for memory leaks and out of bounds memory access found by ASAN or gcc -flto
---
 cpu/cz80/cz80.c | 2 +-
 cpu/sh2/compiler.c | 5 +++++
 pico/cd/cdd.c | 1 +
 pico/cd/cue.c | 13 ++++++-------
 pico/misc.c | 11 +++++++++--
 pico/sound/ym2612.c | 2 ++
 pico/state.c | 1 +
 platform/common/emu.c | 4 ++--
 8 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/cpu/cz80/cz80.c b/cpu/cz80/cz80.c
index 51abc40f..1a3a676e 100644
--- a/cpu/cz80/cz80.c
+++ b/cpu/cz80/cz80.c
@@ -107,7 +107,7 @@ void Cz80_Init(cz80_struc *CPU)
 for (i = 0; i < CZ80_FETCH_BANK; i++)
 {
- CPU->Fetch[i] = (FPTR)cz80_bad_address;
+ CPU->Fetch[i] = (FPTR)cz80_bad_address - (i << CZ80_FETCH_SFT);
 #if CZ80_ENCRYPTED_ROM
 CPU->OPFetch[i] = 0;
 #endif
diff --git a/cpu/sh2/compiler.c b/cpu/sh2/compiler.c
index 4ab42047..38e91223 100644
--- a/cpu/sh2/compiler.c
+++ b/cpu/sh2/compiler.c
@@ -5932,6 +5932,11 @@ void sh2_drc_finish(SH2 *sh2)
 free(hash_tables[i]);
 hash_tables[i] = NULL;
 }
+
+ if (unresolved_links[i] != NULL) {
+ free(unresolved_links[i]);
+ unresolved_links[i] = NULL;
+ }
 }
 if (block_list_pool != NULL)
diff --git a/pico/cd/cdd.c b/pico/cd/cdd.c
index 66f370d0..81bc23b6 100644
--- a/pico/cd/cdd.c
+++ b/pico/cd/cdd.c
@@ -941,6 +941,7 @@ void cdd_process(void)
 case 0x01: /* Current Track Relative Time (MM:SS:FF) */
 {
 int lba = cdd.lba - cdd.toc.tracks[cdd.index].start;
+ if (lba < 0) lba = 0;
 set_reg16(0x38, (cdd.status << 8) | 0x01);
 set_reg16(0x3a, lut_BCD_16[(lba/75)/60]);
 set_reg16(0x3c, lut_BCD_16[(lba/75)%60]);
diff --git a/pico/cd/cue.c b/pico/cd/cue.c
index bf521240..e8174ce1 100644
--- a/pico/cd/cue.c
+++ b/pico/cd/cue.c
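Review bot: The subtracted bank offset on the added Fetch[i] line is the whole fix, yet without a comment it reads like a slip, because a "bad address" base is now different for every bank. I would add `/* biased per bank so that Fetch[bank] + pc lands inside cz80_bad_address for any pc in that bank */` above the loop — assuming fetch addresses are resolved as Fetch[pc >> CZ80_FETCH_SFT] + pc, which is not visible in this hunk. That also only holds if cz80_bad_address is at least one bank (1 << CZ80_FETCH_SFT bytes) long, which is worth confirming where it is defined. If FPTR is an integer type, as the cast suggests, the subtraction is integer arithmetic rather than out-of-object pointer arithmetic, which is worth stating for readers who would expect undefined behaviour here; the enclosing function starts before the hunk.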
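Review bot: The added clamp in cdd_process guards only the negative side of the table index: on the following lines `lut_BCD_16[(lba/75)%60]` is bounded by the modulo, but `lut_BCD_16[(lba/75)/60]` is still indexed by an unbounded minutes value. Whether that can exceed the table depends on the table length and the largest track-relative lba this path can see, neither of which is visible here; if the table is sized for two BCD digits, a symmetric upper clamp such as `if (lba > MAX_REL_LBA) lba = MAX_REL_LBA;` (constant name is a placeholder for the table's limit) would make the lookup safe by construction. cdd_process continues outside the hunk.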
@@ -71,11 +71,11 @@ static int get_ext(const char *fname, char ext[4],
 {
 int len, pos = 0;
- len = strlen(fname);
- if (len >= 3)
- pos = len - 3;
+ len = strrchr(fname, '.') - fname;
+ if (len > 0)
+ pos = len;
- strcpy(ext, fname + pos);
+ strcpy(ext, fname + pos + 1);
 if (base != NULL) {
 if (pos + 1 < base_size)
@@ -153,9 +153,8 @@ cue_data_t *cue_parse(const char *fname)
 // the basename of cuefile, no path
 snprintf(cue_base, sizeof(cue_base), "%s", current_filep);
- p = cue_base + strlen(cue_base);
- if (p - 3 >= cue_base)
- p[-3] = 0;
+ p = strrchr(cue_base, '.');
+ if (p) p[1] = '\0';
 data = calloc(1, sizeof(*data) + count_alloc * sizeof(cue_track));
 if (data == NULL)
diff --git a/pico/misc.c b/pico/misc.c
index cf09688e..269ada32 100644
--- a/pico/misc.c
+++ b/pico/misc.c
@@ -196,8 +196,15 @@ PICO_INTERNAL_ASM void memset32(void *dest_in, int c, int count)
 dest[0] = dest[1] = dest[2] = dest[3] = dest[4] = dest[5] = dest[6] = dest[7] = c;
- while (count--)
- *dest++ = c;
+ switch (count) {
+ case 7: *dest++ = c;
+ case 6: *dest++ = c;
+ case 5: *dest++ = c;
+ case 4: *dest++ = c;
+ case 3: *dest++ = c;
+ case 2: *dest++ = c;
+ case 1: *dest++ = c;
+ }
 }
 void memset32_uncached(int *dest, int c, int count) { memset32(dest, c, count); }
 #endif
diff --git a/pico/sound/ym2612.c b/pico/sound/ym2612.c
index 622fff0b..1e8680a8 100644
--- a/pico/sound/ym2612.c
+++ b/pico/sound/ym2612.c
@@ -1470,6 +1470,8 @@ static void reset_channels(FM_CH *CH)
 CH[c].SLOT[s].Incr = -1;
 CH[c].SLOT[s].key = 0;
 CH[c].SLOT[s].phase = 0;
+ CH[c].SLOT[s].ar = CH[c].SLOT[s].ksr = 0;
+ CH[c].SLOT[s].ar_ksr = 0;
 CH[c].SLOT[s].ssg = CH[c].SLOT[s].ssgn = 0;
 CH[c].SLOT[s].state= EG_OFF;
 CH[c].SLOT[s].volume = MAX_ATT_INDEX;
diff --git a/pico/state.c b/pico/state.c
index 31853008..60cbdcca 100644
--- a/pico/state.c
+++ b/pico/state.c
@@ -783,6 +783,7 @@ void PicoTmpStateRestore(void *data)
 Pico32x.dirty_pal = 1;
 }
 #endif
+ free(t);
 }
 // vim:shiftwidth=2:ts=2:expandtab
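Review bot: The new get_ext trades one out-of-bounds access for two: `len = strrchr(fname, '.') - fname` subtracts from a NULL result whenever fname has no '.', leaving len (and then pos) with a garbage value, and `strcpy(ext, fname + pos + 1)` now copies everything after the last dot into a 4-byte ext, so any extension longer than three characters overflows it (the removed code was bounded because it always started at strlen - 3). Both go away by testing the strrchr result before using it and by copying through snprintf with ext's fixed size, which also truncates long extensions to three characters as the old code did. Note also that pos now lands on the '.' rather than past it, so the base copy below the hunk no longer includes the dot; whether callers expect that is not visible here. The function's signature and its base handling lie outside the hunk.
```c
{
	int len, pos = 0;
	const char *dot = strrchr(fname, '.');

	/* no '.' in fname: keep pos at 0 and report an empty extension */
	len = dot != NULL ? (int)(dot - fname) : 0;
	if (len > 0)
		pos = len;

	/* ext is char[4]: copy at most 3 characters and always NUL-terminate */
	snprintf(ext, 4, "%s", dot != NULL ? dot + 1 : "");
	/* … unchanged: base handling … */
```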
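Review bot: The new switch in memset32 silently assumes count is already in 0..7 — presumably the remainder left by an 8-word block loop that starts above the hunk — but nothing in the code says so, and a count of 8 or more (or a negative one) now writes nothing where the removed while loop kept going. A `default: break;` with a one-line comment such as `/* count < 8 here: the block loop above wrote the rest */` would pin that precondition, and each case needs a `/* fallthrough */` marker so -Wimplicit-fallthrough does not flag the intentional cascade. The enclosing function begins before the hunk.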
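Review bot: With `free(t)` added at the end of PicoTmpStateRestore the function now consumes the buffer it is handed, but nothing documents that, and the caller's data pointer is left dangling after the call. A contract comment on the function, e.g. `/* consumes the buffer from the matching save call; data must not be used after this returns */`, would prevent a later double free or use-after-free at the call site — this assumes t aliases data, whose cast is outside the hunk. Also worth checking that no early return earlier in the function bypasses the free, since its body starts before the hunk.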
diff --git a/platform/common/emu.c b/platform/common/emu.c
index e2186b06..35cb8355 100644
--- a/platform/common/emu.c
+++ b/platform/common/emu.c
@@ -131,8 +131,8 @@ static void fname_ext(char *dst, int dstlen, const char *prefix, const char *ext
 strncpy(dst + prefix_len, p, dstlen - prefix_len - 1);
 dst[dstlen - 8] = 0;
- if (dst[strlen(dst) - 4] == '.')
- dst[strlen(dst) - 4] = 0;
+ if ((p = strrchr(dst, '.')) != NULL)
+ dst[p-dst] = 0;
 if (ext)
 strcat(dst, ext);
 }
-- 
2.39.2
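Review bot: The new strrchr in fname_ext searches the whole of dst, including the prefix copied in before the hunk, so if prefix can hold a directory path containing a '.' (a dotfile directory, for instance) and the file name itself has no extension, the last dot found is in the prefix and the truncation cuts the path there; the removed code only ever looked at the fourth character from the end. Restricting the search to the name part, `if ((p = strrchr(dst + prefix_len, '.')) != NULL)`, keeps the fix while avoiding that case — assuming prefix_len is the length of the prefix already in dst, which is declared outside the hunk. Separately, `dst[p-dst] = 0` is an unusual spelling of `*p = 0`; if it was chosen because p is const-qualified, a short comment saying so would save the next reader a detour. The function's signature and prefix handling lie outside the hunk.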