dep/libchdr: Correctness fixes for 9e5deb8

stenzek · Oct 30, 2024 · 97f94f4 · 97f94f4
1 parent 63330df
commit 97f94f4
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 18 deletions.
diff --git a/dep/libchdr/src/libchdr_chd.c b/dep/libchdr/src/libchdr_chd.c
@@ -715,26 +715,28 @@ static chd_error cdlz_codec_decompress(void *codec, const uint8_t *src, uint32_t
 	uint32_t framenum;
 	cdlz_codec_data* cdlz = (cdlz_codec_data*)codec;
 	chd_error decomp_err;
+	uint32_t complen_base;
 
 	/* determine header bytes */
 	const uint32_t frames = destlen / CD_FRAME_SIZE;
 	const uint32_t complen_bytes = (destlen < 65536) ? 2 : 3;
 	const uint32_t ecc_bytes = (frames + 7) / 8;
 	const uint32_t header_bytes = ecc_bytes + complen_bytes;
 
-	/* input may be truncated, double-check. both bytes, plus at least one input byte, or the third */
-	if ((ecc_bytes + 2) > complen)
+	/* input may be truncated, double-check */
+	if (complen < (ecc_bytes + 2))
 		return CHDERR_DECOMPRESSION_ERROR;
 
 	/* extract compressed length of base */
-	uint32_t complen_base = (src[ecc_bytes + 0] << 8) | src[ecc_bytes + 1];
+	complen_base = (src[ecc_bytes + 0] << 8) | src[ecc_bytes + 1];
 	if (complen_bytes > 2)
 	{
-		complen_base = (complen_base << 8) | src[ecc_bytes + 2];
-		if ((ecc_bytes + 3) > complen)
+		if (complen < (ecc_bytes + 3))
 			return CHDERR_DECOMPRESSION_ERROR;
+
+		complen_base = (complen_base << 8) | src[ecc_bytes + 2];
 	}
-	if ((header_bytes + complen_base) > complen)
+	if (complen < (header_bytes + complen_base))
 		return CHDERR_DECOMPRESSION_ERROR;
 
 	/* reset and decode */
@@ -813,26 +815,28 @@ static chd_error cdzl_codec_decompress(void *codec, const uint8_t *src, uint32_t
 	uint32_t framenum;
 	cdzl_codec_data* cdzl = (cdzl_codec_data*)codec;
 	chd_error decomp_err;
+	uint32_t complen_base;
 
 	/* determine header bytes */
 	const uint32_t frames = destlen / CD_FRAME_SIZE;
 	const uint32_t complen_bytes = (destlen < 65536) ? 2 : 3;
 	const uint32_t ecc_bytes = (frames + 7) / 8;
 	const uint32_t header_bytes = ecc_bytes + complen_bytes;
 
-	/* input may be truncated, double-check. both bytes, plus at least one input byte, or the third */
-	if ((ecc_bytes + 2) > complen)
+	/* input may be truncated, double-check */
+	if (complen < (ecc_bytes + 2))
 		return CHDERR_DECOMPRESSION_ERROR;
 
 	/* extract compressed length of base */
-	uint32_t complen_base = (src[ecc_bytes + 0] << 8) | src[ecc_bytes + 1];
+	complen_base = (src[ecc_bytes + 0] << 8) | src[ecc_bytes + 1];
 	if (complen_bytes > 2)
 	{
-		complen_base = (complen_base << 8) | src[ecc_bytes + 2];
-		if ((ecc_bytes + 3) > complen)
+		if (complen < (ecc_bytes + 3))
 			return CHDERR_DECOMPRESSION_ERROR;
+
+		complen_base = (complen_base << 8) | src[ecc_bytes + 2];
 	}
-	if ((header_bytes + complen_base) > complen)
+	if (complen < (header_bytes + complen_base))
 		return CHDERR_DECOMPRESSION_ERROR;
 
 	/* reset and decode */
@@ -1188,26 +1192,28 @@ static chd_error cdzs_codec_decompress(void *codec, const uint8_t *src, uint32_t
 	uint32_t framenum;
 	cdzs_codec_data* cdzs = (cdzs_codec_data*)codec;
 	chd_error decomp_err;
+	uint32_t complen_base;
 
 	/* determine header bytes */
 	const uint32_t frames = destlen / CD_FRAME_SIZE;
 	const uint32_t complen_bytes = (destlen < 65536) ? 2 : 3;
 	const uint32_t ecc_bytes = (frames + 7) / 8;
 	const uint32_t header_bytes = ecc_bytes + complen_bytes;
 
-	/* input may be truncated, double-check. both bytes, plus at least one input byte, or the third */
-	if ((ecc_bytes + 2) > complen)
+	/* input may be truncated, double-check */
+	if (complen < (ecc_bytes + 2))
 		return CHDERR_DECOMPRESSION_ERROR;
 
 	/* extract compressed length of base */
-	uint32_t complen_base = (src[ecc_bytes + 0] << 8) | src[ecc_bytes + 1];
+	complen_base = (src[ecc_bytes + 0] << 8) | src[ecc_bytes + 1];
 	if (complen_bytes > 2)
 	{
-		complen_base = (complen_base << 8) | src[ecc_bytes + 2];
-		if ((ecc_bytes + 3) > complen)
+		if (complen < (ecc_bytes + 3))
 			return CHDERR_DECOMPRESSION_ERROR;
+
+		complen_base = (complen_base << 8) | src[ecc_bytes + 2];
 	}
-	if ((header_bytes + complen_base) > complen)
+	if (complen < (header_bytes + complen_base))
 		return CHDERR_DECOMPRESSION_ERROR;
 
 	/* reset and decode */

diff --git a/dep/libchdr/src/link.T b/dep/libchdr/src/link.T
@@ -0,0 +1,5 @@
+{
+   global: chd_*;
+   local: *;
+};
+