fixes for memory leaks and out of bounds memory access found by ASAN or gcc -flto

2025-09-05 07:17:45 -04:00 · 2020-12-12 14:57:56 +01:00 · 2020-12-12 14:57:56 +01:00 · a20300bf1e
commit a20300bf1e
parent bb70cc6e66
8 changed files with 27 additions and 12 deletions
--- a/cpu/cz80/cz80.c
+++ b/cpu/cz80/cz80.c
@ -107,7 +107,7 @@ void Cz80_Init(cz80_struc *CPU)

 	for (i = 0; i < CZ80_FETCH_BANK; i++)
 	{
-		CPU->Fetch[i] = (FPTR)cz80_bad_address;
+		CPU->Fetch[i] = (FPTR)cz80_bad_address - (i << CZ80_FETCH_SFT);
 #if CZ80_ENCRYPTED_ROM
 		CPU->OPFetch[i] = 0;
 #endif
--- a/cpu/sh2/compiler.c
+++ b/cpu/sh2/compiler.c
@ -5932,6 +5932,11 @@ void sh2_drc_finish(SH2 *sh2)
      free(hash_tables[i]);
      hash_tables[i] = NULL;
    }
+
+    if (unresolved_links[i] != NULL) {
+      free(unresolved_links[i]);
+      unresolved_links[i] = NULL;
+    }
  }

  if (block_list_pool != NULL)
--- a/pico/cd/cdd.c
+++ b/pico/cd/cdd.c
@ -941,6 +941,7 @@ void cdd_process(void)
        case 0x01:  /* Current Track Relative Time (MM:SS:FF) */
        {
          int lba = cdd.lba - cdd.toc.tracks[cdd.index].start;
+          if (lba < 0) lba = 0;
          set_reg16(0x38, (cdd.status << 8) | 0x01);
          set_reg16(0x3a, lut_BCD_16[(lba/75)/60]);
          set_reg16(0x3c, lut_BCD_16[(lba/75)%60]);
--- a/pico/cd/cue.c
+++ b/pico/cd/cue.c
@ -71,11 +71,11 @@ static int get_ext(const char *fname, char ext[4],
 {
 	int len, pos = 0;
 	
-	len = strlen(fname);
-	if (len >= 3)
-		pos = len - 3;
+	len = strrchr(fname, '.') - fname;
+	if (len > 0)
+		pos = len;

-	strcpy(ext, fname + pos);
+	strcpy(ext, fname + pos + 1);

 	if (base != NULL) {
 		if (pos + 1 < base_size)
@ -153,9 +153,8 @@ cue_data_t *cue_parse(const char *fname)

 	// the basename of cuefile, no path
 	snprintf(cue_base, sizeof(cue_base), "%s", current_filep);
-	p = cue_base + strlen(cue_base);
-	if (p - 3 >= cue_base)
-		p[-3] = 0;
+	p = strrchr(cue_base, '.');
+	if (p)	p[1] = '\0';

 	data = calloc(1, sizeof(*data) + count_alloc * sizeof(cue_track));
 	if (data == NULL)
--- a/pico/misc.c
+++ b/pico/misc.c
@ -196,8 +196,15 @@ PICO_INTERNAL_ASM void memset32(void *dest_in, int c, int count)
 		dest[0] = dest[1] = dest[2] = dest[3] =
 		dest[4] = dest[5] = dest[6] = dest[7] = c;

-	while (count--)
-		*dest++ = c;
+	switch (count) {
+		case 7: *dest++ = c;
+		case 6: *dest++ = c;
+		case 5: *dest++ = c;
+		case 4: *dest++ = c;
+		case 3: *dest++ = c;
+		case 2: *dest++ = c;
+		case 1: *dest++ = c;
+	}
 }
 void memset32_uncached(int *dest, int c, int count) { memset32(dest, c, count); }
 #endif
--- a/pico/sound/ym2612.c
+++ b/pico/sound/ym2612.c
@ -1470,6 +1470,8 @@ static void reset_channels(FM_CH *CH)
 			CH[c].SLOT[s].Incr = -1;
 			CH[c].SLOT[s].key = 0;
 			CH[c].SLOT[s].phase = 0;
+			CH[c].SLOT[s].ar = CH[c].SLOT[s].ksr = 0;
+			CH[c].SLOT[s].ar_ksr = 0;
 			CH[c].SLOT[s].ssg = CH[c].SLOT[s].ssgn = 0;
 			CH[c].SLOT[s].state= EG_OFF;
 			CH[c].SLOT[s].volume = MAX_ATT_INDEX;
--- a/pico/state.c
+++ b/pico/state.c
@ -783,6 +783,7 @@ void PicoTmpStateRestore(void *data)
    Pico32x.dirty_pal = 1;
  }
 #endif
+  free(t);
 }

 // vim:shiftwidth=2:ts=2:expandtab
--- a/platform/common/emu.c
+++ b/platform/common/emu.c
@ -131,8 +131,8 @@ static void fname_ext(char *dst, int dstlen, const char *prefix, const char *ext
 	strncpy(dst + prefix_len, p, dstlen - prefix_len - 1);

 	dst[dstlen - 8] = 0;
-	if (dst[strlen(dst) - 4] == '.')
-		dst[strlen(dst) - 4] = 0;
+	if ((p = strrchr(dst, '.')) != NULL)
+		dst[p-dst] = 0;
 	if (ext)
 		strcat(dst, ext);
 }