commit dc7837b8a83d938f919de7a4f3ced5148a386603
Author: David Korth <gerbilsoft@verizon.net>
Date: Fri Jul 31 18:08:04 2009 -0400
[WTF] save.cpp: Fixed a buffer overflow when loading savestates.
In the release build, loading a savestate caused glibc to abort with a
buffer overflow error. This occurred because the savestate code was
attempting to load 512 bytes from the savestate into CRam, which is
defined as 64 WORDs (128 bytes). It probably worked before commit
d8c490aca52c248e455fc4cdbfd2dbae5da0e081, which reduced the size of
CRam from 64 DWORDs (256 bytes) to 64 WORDs (128 bytes). I'm guessing
that the extra space gave it just enough room that it was still able
to save the extra 256 bytes, even though it wasn't allocated for CRam.
(Strangely, this buffer overflow did not occur in the debug build.)
Also, as an interesting note, Gens Rerecording defines CRam as 64 DWORDs
(256 bytes), but saves and loads 512 bytes for CRam anyway.
The SRAM code, which is right next to the CRAM code, now uses sizeof()
instead of hard-coded sizes to prevent this sort of thing from happening.
This bug was reported by Zombie Ryushu.
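The size mismatch described above, as an added illustration rather than code from Gens or this commit: a bounds-checked field loader that rejects the old hard-coded 512-byte CRam copy and accepts the sizeof()-based one. The savestate layout, the `load_field` helper and the constructed byte-counter image are assumptions for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CRam as the commit message describes it after commit d8c490a: 64 WORDs = 128 bytes. */
static uint16_t CRam[64];
/* Hard-coded byte count the old loader used for CRam (from the commit message). */
#define LEGACY_CRAM_LOAD_BYTES 512

/* Copy `want` bytes from a savestate image at *pos into a fixed-size destination.
 * Returns 0 on success, -1 if the copy would overflow dst or run past the image. */
static int load_field(void *dst, size_t dst_size, size_t want,
                      const uint8_t *state, size_t state_len, size_t *pos)
{
    if (want > dst_size)                               /* the bug: 512 > sizeof(CRam) */
        return -1;
    if (*pos > state_len || want > state_len - *pos)   /* truncated savestate */
        return -1;
    memcpy(dst, state + *pos, want);
    *pos += want;
    return 0;
}

/* Old behaviour: a literal 512 regardless of how CRam is actually defined. */
int load_cram_legacy(const uint8_t *state, size_t state_len, size_t *pos)
{
    return load_field(CRam, sizeof(CRam), LEGACY_CRAM_LOAD_BYTES, state, state_len, pos);
}

/* Fixed behaviour: sizeof() ties the request to the array definition, so a later
 * resize of CRam cannot silently turn the load into an overflow. */
int load_cram_fixed(const uint8_t *state, size_t state_len, size_t *pos)
{
    return load_field(CRam, sizeof(CRam), sizeof(CRam), state, state_len, pos);
}

/* Constructed savestate image for the demo: a byte counter, not the real Gens format. */
void make_state(uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] = (uint8_t)i;
}

int main(void)
{
    uint8_t state[512];
    size_t pos = 0;
    make_state(state, sizeof(state));
    printf("legacy: %d\n", load_cram_legacy(state, sizeof(state), &pos)); /* -1, rejected */
    int rc = load_cram_fixed(state, sizeof(state), &pos);
    printf("fixed:  %d (pos=%zu)\n", rc, pos);                             /* 0 (pos=128) */
    return 0;
}
```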