Implement bounds checking for sector addresses in read/write functions

2025-12-16 19:24:40 +00:00 · 2025-10-02 17:29:13 +01:00
parent a8f39093bb
commit 87db877873
2 changed files with 45 additions and 8 deletions
--- a/src/read.c
+++ b/src/read.c
@@ -273,11 +273,19 @@ int32_t aaruf_read_sector(void *context, const uint64_t sector_address, bool neg
        return AARUF_ERROR_NOT_AARUFORMAT;
    }

-    if(sector_address > ctx->imageInfo.Sectors - 1)
+    if(negative && sector_address > ctx->userDataDdtHeader.negative - 1)
    {
        FATAL("Sector address out of bounds");

-        TRACE("Exiting aaruf_read_sector() = AARUF_ERROR_SECTOR_OUT_OF_BOUNDS");
+        TRACE("Exiting aaruf_write_sector() = AARUF_ERROR_SECTOR_OUT_OF_BOUNDS");
+        return AARUF_ERROR_SECTOR_OUT_OF_BOUNDS;
+    }
+
+    if(!negative && sector_address > ctx->imageInfo.Sectors + ctx->userDataDdtHeader.overflow - 1)
+    {
+        FATAL("Sector address out of bounds");
+
+        TRACE("Exiting aaruf_write_sector() = AARUF_ERROR_SECTOR_OUT_OF_BOUNDS");
        return AARUF_ERROR_SECTOR_OUT_OF_BOUNDS;
    }

@@ -751,7 +759,8 @@ int32_t aaruf_read_track_sector(void *context, uint8_t *data, const uint64_t sec
 * @warning Not all AaruFormat images contain the metadata necessary for long sector
 *          reading. Some images may only support basic sector reading via aaruf_read_sector().
 */
-int32_t aaruf_read_sector_long(void *context, const uint64_t sector_address, bool negative, uint8_t *data, uint32_t *length)
+int32_t aaruf_read_sector_long(void *context, const uint64_t sector_address, bool negative, uint8_t *data,
+                               uint32_t *length)
 {
    TRACE("Entering aaruf_read_sector_long(%p, %" PRIu64 ", %d, %p, %u)", context, sector_address, data, *length);

@@ -783,6 +792,22 @@ int32_t aaruf_read_sector_long(void *context, const uint64_t sector_address, boo
        return AARUF_ERROR_NOT_AARUFORMAT;
    }

+    if(negative && sector_address > ctx->userDataDdtHeader.negative - 1)
+    {
+        FATAL("Sector address out of bounds");
+
+        TRACE("Exiting aaruf_write_sector() = AARUF_ERROR_SECTOR_OUT_OF_BOUNDS");
+        return AARUF_ERROR_SECTOR_OUT_OF_BOUNDS;
+    }
+
+    if(!negative && sector_address > ctx->imageInfo.Sectors + ctx->userDataDdtHeader.overflow - 1)
+    {
+        FATAL("Sector address out of bounds");
+
+        TRACE("Exiting aaruf_write_sector() = AARUF_ERROR_SECTOR_OUT_OF_BOUNDS");
+        return AARUF_ERROR_SECTOR_OUT_OF_BOUNDS;
+    }
+
    uint64_t corrected_sector_address = sector_address;

    // Calculate positive or negative sector
@@ -981,7 +1006,8 @@ int32_t aaruf_read_sector_long(void *context, const uint64_t sector_address, boo
                case AppleSonyDS:
                case AppleWidget:
                case PriamDataTower:
-                    if(ctx->sectorSubchannel == NULL) return aaruf_read_sector(context, sector_address, negative, data, length);
+                    if(ctx->sectorSubchannel == NULL)
+                        return aaruf_read_sector(context, sector_address, negative, data, length);

                    switch(ctx->imageInfo.MediaType)
                    {
--- a/src/write.c
+++ b/src/write.c
@@ -93,9 +93,6 @@
 *
 * @warning The function may trigger automatic block closure, which can result in disk I/O
 *          operations and potential write errors even for seemingly simple sector writes.
- *
- * @warning No bounds checking is performed on sector_address. Writing beyond media limits
- *          may result in undefined behavior (TODO: implement bounds checking).
 */
 int32_t aaruf_write_sector(void *context, uint64_t sector_address, bool negative, const uint8_t *data,
                           uint8_t sector_status, uint32_t length)
@@ -132,7 +129,21 @@ int32_t aaruf_write_sector(void *context, uint64_t sector_address, bool negative
        return AARUF_READ_ONLY;
    }

-    // TODO: Check not trying to write beyond media limits
+    if(negative && sector_address > ctx->userDataDdtHeader.negative - 1)
+    {
+        FATAL("Sector address out of bounds");
+
+        TRACE("Exiting aaruf_write_sector() = AARUF_ERROR_SECTOR_OUT_OF_BOUNDS");
+        return AARUF_ERROR_SECTOR_OUT_OF_BOUNDS;
+    }
+
+    if(!negative && sector_address > ctx->imageInfo.Sectors + ctx->userDataDdtHeader.overflow - 1)
+    {
+        FATAL("Sector address out of bounds");
+
+        TRACE("Exiting aaruf_write_sector() = AARUF_ERROR_SECTOR_OUT_OF_BOUNDS");
+        return AARUF_ERROR_SECTOR_OUT_OF_BOUNDS;
+    }

    // TODO: Check rewinded for disabling checksums