Implement bounds checking for sector addresses in read/write functions

2025-10-02 17:29:13 +01:00
parent a8f39093bb
commit 87db877873
2 changed files with 45 additions and 8 deletions


@@ -273,11 +273,19 @@ int32_t aaruf_read_sector(void *context, const uint64_t sector_address, bool neg
return AARUF_ERROR_NOT_AARUFORMAT; return AARUF_ERROR_NOT_AARUFORMAT;
} }
if(sector_address > ctx->imageInfo.Sectors - 1) if(negative && sector_address > ctx->userDataDdtHeader.negative - 1)
{ {
FATAL("Sector address out of bounds"); FATAL("Sector address out of bounds");
TRACE("Exiting aaruf_read_sector() = AARUF_ERROR_SECTOR_OUT_OF_BOUNDS"); TRACE("Exiting aaruf_write_sector() = AARUF_ERROR_SECTOR_OUT_OF_BOUNDS");
return AARUF_ERROR_SECTOR_OUT_OF_BOUNDS;
}
if(!negative && sector_address > ctx->imageInfo.Sectors + ctx->userDataDdtHeader.overflow - 1)
{
FATAL("Sector address out of bounds");
TRACE("Exiting aaruf_write_sector() = AARUF_ERROR_SECTOR_OUT_OF_BOUNDS");
return AARUF_ERROR_SECTOR_OUT_OF_BOUNDS; return AARUF_ERROR_SECTOR_OUT_OF_BOUNDS;
} }
@@ -751,7 +759,8 @@ int32_t aaruf_read_track_sector(void *context, uint8_t *data, const uint64_t sec
* @warning Not all AaruFormat images contain the metadata necessary for long sector * @warning Not all AaruFormat images contain the metadata necessary for long sector
* reading. Some images may only support basic sector reading via aaruf_read_sector(). * reading. Some images may only support basic sector reading via aaruf_read_sector().
*/ */
int32_t aaruf_read_sector_long(void *context, const uint64_t sector_address, bool negative, uint8_t *data, uint32_t *length) int32_t aaruf_read_sector_long(void *context, const uint64_t sector_address, bool negative, uint8_t *data,
uint32_t *length)
{ {
TRACE("Entering aaruf_read_sector_long(%p, %" PRIu64 ", %d, %p, %u)", context, sector_address, data, *length); TRACE("Entering aaruf_read_sector_long(%p, %" PRIu64 ", %d, %p, %u)", context, sector_address, data, *length);
@@ -783,6 +792,22 @@ int32_t aaruf_read_sector_long(void *context, const uint64_t sector_address, boo
return AARUF_ERROR_NOT_AARUFORMAT; return AARUF_ERROR_NOT_AARUFORMAT;
} }
if(negative && sector_address > ctx->userDataDdtHeader.negative - 1)
{
FATAL("Sector address out of bounds");
TRACE("Exiting aaruf_write_sector() = AARUF_ERROR_SECTOR_OUT_OF_BOUNDS");
return AARUF_ERROR_SECTOR_OUT_OF_BOUNDS;
}
if(!negative && sector_address > ctx->imageInfo.Sectors + ctx->userDataDdtHeader.overflow - 1)
{
FATAL("Sector address out of bounds");
TRACE("Exiting aaruf_write_sector() = AARUF_ERROR_SECTOR_OUT_OF_BOUNDS");
return AARUF_ERROR_SECTOR_OUT_OF_BOUNDS;
}
uint64_t corrected_sector_address = sector_address; uint64_t corrected_sector_address = sector_address;
// Calculate positive or negative sector // Calculate positive or negative sector
@@ -981,7 +1006,8 @@ int32_t aaruf_read_sector_long(void *context, const uint64_t sector_address, boo
case AppleSonyDS: case AppleSonyDS:
case AppleWidget: case AppleWidget:
case PriamDataTower: case PriamDataTower:
if(ctx->sectorSubchannel == NULL) return aaruf_read_sector(context, sector_address, negative, data, length); if(ctx->sectorSubchannel == NULL)
return aaruf_read_sector(context, sector_address, negative, data, length);
switch(ctx->imageInfo.MediaType) switch(ctx->imageInfo.MediaType)
{ {

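Review bot: The new bounds checks in aaruf_read_sector and aaruf_read_sector_long (and the identical block added to aaruf_write_sector in the second file) compare against `ctx->userDataDdtHeader.negative - 1` and `ctx->imageInfo.Sectors + ctx->userDataDdtHeader.overflow - 1`; if those fields are unsigned, as sector counts usually are, an image with zero negative sectors (or zero sectors and zero overflow) makes the bound wrap to the maximum value and the check then accepts every address, which is exactly the case it exists to reject. Writing the comparison without the subtraction avoids the wrap: `if(negative && sector_address >= ctx->userDataDdtHeader.negative)` and `if(!negative && sector_address >= ctx->imageInfo.Sectors + ctx->userDataDdtHeader.overflow)`. The exit TRACE lines in both read functions were copied from the write path and name `aaruf_write_sector()`, so the trace misattributes the error; each should name the function it is in. Separately, the pre-existing entry TRACE in aaruf_read_sector_long has five conversions but is passed four arguments (negative is missing), which shifts data into `%d` and reads a missing `%u` argument — undefined behavior worth fixing while this code is being touched.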

@@ -93,9 +93,6 @@
* *
* @warning The function may trigger automatic block closure, which can result in disk I/O * @warning The function may trigger automatic block closure, which can result in disk I/O
* operations and potential write errors even for seemingly simple sector writes. * operations and potential write errors even for seemingly simple sector writes.
*
* @warning No bounds checking is performed on sector_address. Writing beyond media limits
* may result in undefined behavior (TODO: implement bounds checking).
*/ */
int32_t aaruf_write_sector(void *context, uint64_t sector_address, bool negative, const uint8_t *data, int32_t aaruf_write_sector(void *context, uint64_t sector_address, bool negative, const uint8_t *data,
uint8_t sector_status, uint32_t length) uint8_t sector_status, uint32_t length)
@@ -132,7 +129,21 @@ int32_t aaruf_write_sector(void *context, uint64_t sector_address, bool negative
return AARUF_READ_ONLY; return AARUF_READ_ONLY;
} }
// TODO: Check not trying to write beyond media limits if(negative && sector_address > ctx->userDataDdtHeader.negative - 1)
{
FATAL("Sector address out of bounds");
TRACE("Exiting aaruf_write_sector() = AARUF_ERROR_SECTOR_OUT_OF_BOUNDS");
return AARUF_ERROR_SECTOR_OUT_OF_BOUNDS;
}
if(!negative && sector_address > ctx->imageInfo.Sectors + ctx->userDataDdtHeader.overflow - 1)
{
FATAL("Sector address out of bounds");
TRACE("Exiting aaruf_write_sector() = AARUF_ERROR_SECTOR_OUT_OF_BOUNDS");
return AARUF_ERROR_SECTOR_OUT_OF_BOUNDS;
}
// TODO: Check rewinded for disabling checksums // TODO: Check rewinded for disabling checksums