
Commit 3f22b43

committed
loadhigh.c: put maximum array sizes in defines and check for overflow
1 parent ae9a18e commit 3f22b43


1 file changed

+34
-3
lines changed

1 file changed

+34
-3
lines changed

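--- a/shell/loadhigh.c
+++ b/shell/loadhigh.c
@@ -53,6 +53,10 @@
 #define mcbNext(mcb) mcbAssign(mcb, nxtMCB(FP_SEG(mcb)))
 #define DosAlloc(value) DOSalloc((value), 0xF)
 
+#define BLOCKMAX 256
+#define AVAILBLOCKMAX 256
+#define REGIONMAX 64
+
 enum error_codes
 {
 err_help = -1, OK,
@@ -154,7 +158,7 @@ static int initialise(void)
 optS = 0;
 
 /* Allocate dynamic memory for some arrays */
-if ((block = malloc(256 * sizeof(*block))) == 0)
+if ((block = malloc(BLOCKMAX * sizeof(*block))) == 0)
 return err_out_of_memory;
 
 #ifdef FEATURE_XMS_SWAP
@@ -177,7 +181,7 @@ static int initialise(void)
 }
 #endif
 
-if ((umbRegion = malloc(64 * sizeof(*umbRegion))) == 0)
+if ((umbRegion = malloc(REGIONMAX * sizeof(*umbRegion))) == 0)
 return err_out_of_memory;
 
 /* find the UMB regions */
@@ -348,6 +352,9 @@ static int findUMBRegions(void)
 {
 region->end = FP_SEG(mcb) - 1;
 if (! (mcb->mcb_type == 'Z' && 0 == mcb->mcb_size)) {
+if ((region - umbRegion) >= REGIONMAX) {
+return err_out_of_memory;
+}
 region++;
 region->start = 0;
 }
@@ -371,6 +378,9 @@ static int findUMBRegions(void)
 region->end = umb_mcb->mcb_ownerPSP + umb_mcb->mcb_size - 1;
 if ((sig = umb_mcb->mcb_type) == 'M')
 region->end--;
+if ((region - umbRegion) >= REGIONMAX) {
+return err_out_of_memory;
+}
 region++;
 region->start = 0;
 mcbAssign(mcb, FP_SEG(umb_mcb) + umb_mcb->mcb_size);
@@ -385,6 +395,9 @@ static int findUMBRegions(void)
 if (sig == 'Z')
 {
 region->end = FP_SEG(mcb) + mcb->mcb_size;
+if ((region - umbRegion) >= REGIONMAX) {
+return err_out_of_memory;
+}
 region++;
 break;
 }
@@ -428,7 +441,7 @@ static int loadhigh_prepare(void)
 dosSetUMBLinkState(1);
 dosSetAllocStrategy(0);
 
-if ((availBlock = malloc(256 * sizeof(*availBlock))) == 0)
+if ((availBlock = malloc(AVAILBLOCKMAX * sizeof(*availBlock))) == 0)
 return err_out_of_memory;
 
 /* Call to force DOS to catenate any successive free memory blocks */
@@ -487,6 +500,13 @@ static int loadhigh_prepare(void)
 mcb->mcb_size >= region->minSize))
 {
 
+if (availBlocks >= AVAILBLOCKMAX) {
+DOSfree(bl);
+for (i = 0; i < availBlocks; i++)
+DOSfree(availBlock[i]);
+free(availBlock);
+return err_out_of_memory;
+}
 availBlock[availBlocks++] = bl;
 
 if (optS)
@@ -507,6 +527,13 @@ static int loadhigh_prepare(void)
 continue;
 }
 }
+if (allocatedBlocks >= BLOCKMAX) {
+DOSfree(bl);
+for (i = 0; i < availBlocks; i++)
+DOSfree(availBlock[i]);
+free(availBlock);
+return err_out_of_memory;
+}
 block[allocatedBlocks++] = bl; /* no access to this block */
 }
 }
@@ -579,6 +606,10 @@ static int loadfix_prepare(void)
 
 dprintf(("loadfix: allocated 0x%04x\n",bl));
 DOSresize(bl, 0x1000 - bl);
+if (allocatedBlocks >= BLOCKMAX) {
+DOSfree(bl);
+return err_out_of_memory;
+}
 block[allocatedBlocks++] = bl;
 }
 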
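Review bot: The new bound check in findUMBRegions is off by one in the hunks at -348 and -371: `(region - umbRegion) >= REGIONMAX` still passes when `region` points at the last element, so the following `region++; region->start = 0;` stores one element past the `REGIONMAX`-sized allocation made in initialise(). Those two checks should read `if ((region - umbRegion) >= REGIONMAX - 1) {`, or the test should move between the increment and the store. The third check (hunk at -385) is followed only by `region++; break;` in the visible lines, so it appears correct provided `region` is used afterwards only as an end marker; the rest of findUMBRegions lies outside the hunks, so that should be confirmed. A short comment next to the defines, e.g. `/* capacity of umbRegion[]; the highest writable index is REGIONMAX - 1 */`, would make the intended invariant explicit.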
