From 897e2f363c94a10077b64d70ba19de2cd43ce1fa Mon Sep 17 00:00:00 2001
From: Cameron Cawley
Date: Sun, 15 Dec 2019 23:29:40 +0000
Subject: GLK: LEVEL9: Fix crash in detection code

---
 engines/glk/level9/detection.cpp | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)
 (limited to 'engines/glk/level9')

diff --git a/engines/glk/level9/detection.cpp b/engines/glk/level9/detection.cpp
index fef1baec46..bd1ea06a3b 100644
--- a/engines/glk/level9/detection.cpp
+++ b/engines/glk/level9/detection.cpp
@@ -64,8 +64,6 @@ const L9V1GameInfo &Scanner::v1Game() const {
 }
 
 long Scanner::scan(byte *startFile, uint32 size) {
- byte *Chk = (byte *)malloc(size + 1);
- byte *Image = (byte *)calloc(size, 1);
 uint32 i, num, Size, MaxSize = 0;
 int j;
 uint16 d0 = 0, l9, md, ml, dd, dl;
@@ -73,6 +71,12 @@ long Scanner::scan(byte *startFile, uint32 size) {
 long offset = -1;
 bool JumpKill, DriverV4;
 
+ if (size < 33)
+ return -1;
+
+ byte *Chk = (byte *)malloc(size + 1);
+ byte *Image = (byte *)calloc(size, 1);
+
 if ((Chk == nullptr) || (Image == nullptr)) {
 error("Unable to allocate memory for game scan! Exiting...");
 }
@@ -128,8 +132,6 @@ long Scanner::scan(byte *startFile, uint32 size) {
 }
 
 long Scanner::ScanV2(byte *startFile, uint32 size) {
- byte *Chk = (byte *)malloc(size + 1);
- byte *Image = (byte *)calloc(size, 1);
 uint32 i, Size, MaxSize = 0, num;
 int j;
 uint16 d0 = 0, l9;
@@ -137,6 +139,12 @@ long Scanner::ScanV2(byte *startFile, uint32 size) {
 long offset = -1;
 bool JumpKill;
 
+ if (size < 28)
+ return -1;
+
+ byte *Chk = (byte *)malloc(size + 1);
+ byte *Image = (byte *)calloc(size, 1);
+
 if ((Chk == nullptr) || (Image == nullptr)) {
 error("Unable to allocate memory for game scan! Exiting...");
 }
@@ -179,7 +187,6 @@ long Scanner::ScanV2(byte *startFile, uint32 size) {
 }
 
 long Scanner::ScanV1(byte *startFile, uint32 size) {
- byte *Image = (byte *)calloc(size, 1);
 uint32 i, Size;
 int Replace;
 byte *ImagePtr;
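Review bot: The new guard `if (size < 33)` in Scanner::scan carries no explanation of where 33 comes from, and the sibling guards in ScanV2 and ScanV1 use 28 and 20, so a reader cannot tell whether the three thresholds are independent or have to move together when a scan loop changes. Presumably 33 is the furthest fixed offset the scan reads from startFile or Chk before the size-derived loop bound takes over, and that is what the comment should say, e.g. `// Reject images too small for the scan loop to index safely (TODO: cite the offset this corresponds to)`. The body of scan continues outside the hunk, so the read this protects is not visible here.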
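Review bot: The allocation `byte *Chk = (byte *)malloc(size + 1);` in ScanV2 now sits behind a lower bound only; with `uint32 size`, `size + 1` wraps to 0 when size is 0xFFFFFFFF, so malloc(0) can return a non-null pointer and any later write through Chk would run off a zero-length buffer. The input would have to be a ~4 GiB file the caller already holds in memory, so this is unlikely in practice, but the wrap is cheap to exclude while the guard is being added: `if (size < 28 || size + 1 < size) return -1;`. The same applies to the equivalent guard and malloc in Scanner::scan. ScanV2's body continues past the hunk, so I cannot confirm how far into Chk the scan writes.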
@@ -191,6 +198,10 @@ long Scanner::ScanV1(byte *startFile, uint32 size) {
 int dictOff1 = 0, dictOff2 = 0;
 byte dictVal1 = 0xff, dictVal2 = 0xff;
 
+ if (size < 20)
+ return -1;
+
+ byte *Image = (byte *)calloc(size, 1);
 if (Image == nullptr) {
 error("Unable to allocate memory for game scan! Exiting...");
 }
-- 
cgit v1.2.3
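Review bot: The guard `if (size < 20)` in Scanner::ScanV1 is a bare magic number, like its counterparts in scan and ScanV2, with nothing tying it to the reads it protects; a comment such as `// Smallest image the V1 scan can index without its loop bounds wrapping (TODO: confirm against the largest fixed offset read below)` would let a maintainer re-derive it when the scan changes. A small style point as well: the new `byte *Image = (byte *)calloc(size, 1);` runs straight into the `if (Image == nullptr)` check with no separating blank line, unlike the same sequence in the other two scanners. ScanV1's body continues outside the hunk.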