From 1583dac116be07cf98145c95397e19d8c8e7b833 Mon Sep 17 00:00:00 2001 From: "B. Watson" Date: Sun, 19 May 2024 15:54:13 -0400 Subject: unprotbas: check for bad memmove and too-small input file. --- unprotbas.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'unprotbas.c') diff --git a/unprotbas.c b/unprotbas.c index 0b11e0e..16fbea5 100644 --- a/unprotbas.c +++ b/unprotbas.c @@ -16,6 +16,12 @@ #define STM_OFFSET 0xf2 +/* minimum program size, for a program that has no variables and + only one line of code (the immediate line 32768, consisting only of + one token, which would be CSAVE). anything smaller than this, we + can't process. */ +#define MIN_PROG_SIZE 21 + /* entire file gets read into memory (for now) */ unsigned char data[65536]; @@ -60,6 +66,8 @@ int readfile(void) { int got = fread(data, 1, 65535, input_file); if(verbose) fprintf(stderr, "read %d bytes\n", got); fclose(input_file); + if(got < MIN_PROG_SIZE) + die("File too short to be a BASIC program (truncated?)\n"); return got; } @@ -194,7 +202,14 @@ int fixcode(void) { by moving the rest of the program (including the variable value table) up in memory. */ void move_code(int offset) { - memmove(data + vvstart + offset, data + vvstart, filelen); + unsigned char *dest = data + vvstart + offset; + + if(dest < data || (filelen + offset) > 65535) { + die("attempt to move memory out of range; corrupt header bytes?\n"); + } + + memmove(dest, data + vvstart, filelen); + vntd += offset; vvtp += offset; stmtab += offset; -- cgit v1.2.3
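Review bot: In readfile(), the new `got < MIN_PROG_SIZE` test reports a failed read as a short file and leaves the upper end unchecked: `fread` is capped at 65535 bytes, so a larger input is silently truncated and then processed as if it were complete. Because the check sits after `fclose(input_file)`, `ferror()` can no longer be consulted at that point. Adding `if(ferror(input_file)) die("read error\n");` and `if(got == 65535 && fgetc(input_file) != EOF) die("File too large to be a BASIC program\n");` before the `fclose` would tell the three cases apart. `got` is an `int` receiving a `size_t`, which is harmless only because of the 65535 cap.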
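Review bot: The range check added to move_code() does not cover the region `memmove` actually writes. The copy starts at `data + vvstart + offset` and is `filelen` bytes long, so it ends at `vvstart + offset + filelen`, but the condition tests only `filelen + offset`; a header with a large `vvstart` still passes and writes past the end of `data[65536]`. The `dest < data` test is also unreliable, because forming `data + vvstart + offset` outside the array is undefined behaviour before the comparison runs and a compiler may drop it, and the source side (`vvstart + filelen`) is not bounded at all. Comparing integer offsets against `sizeof(data)` for both source and destination avoids all three problems. The fence assumes `vvstart` and `filelen` are int-sized globals, which are declared outside this hunk, and the function body continues past the hunk's last line.

```c
void move_code(int offset) {
	int dest_off = vvstart + offset;

	/* validate integer offsets; building the pointer first would
	   already be undefined if it lands outside data[] */
	if(vvstart < 0 || filelen < 0 || dest_off < 0 ||
	   dest_off + filelen > (int)sizeof(data) ||
	   vvstart + filelen > (int)sizeof(data)) {
		die("attempt to move memory out of range; corrupt header bytes?\n");
	}

	memmove(data + dest_off, data + vvstart, filelen);
	/* … unchanged: vntd / vvtp / stmtab adjustments … */
```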