Commit
Corrupt the stack with the following process on a release build (prior to this commit):

- Open FCEUX, do NOT load a ROM.
- Open the debugger window.
- Resize the debugger window to force it to refresh the disassembler.
- Double click on any address that is not $0000.
- The Add Breakpoint window will open with the condition string filled with `K==#FFFFFFFF`, which is at least 13 characters long.
- The `str` array that this string is written to only has capacity for 8 characters.
- Whoops!

For debug builds, the process is the same, except you don't have to force the disassembler to refresh by resizing the window. The debugger window will open with the disassembly ready to click on.

This commit fixes a bug in the original `getBank()` implementation when `GetNesFileAddress()` returns -1. See: https://github.com/TASEmulators/fceux/blob/f980ec2bc7dc962f6cd76b9ae3131f2eb902c9e7/src/debug.cpp#L303-L307

`addr` will be -17 in this error condition after the iNES header size is subtracted. This causes the following error checks to fail and weird integer arithmetic (specifically `-17 / (1 << 14)` is 0!) then returns 0 to the caller, indicating a successful result for bank number 0. With the fix, `getBank()` now properly returns -1 and causes the stack corruption with unrelated code as described above.

This commit adds proper error handling to the code in question.

Additionally, the previous commit also kept the original `-17 / 0x1000 == 0` behavior for NSFs. That is now corrected in this commit; `getBank()` always returns -1 for errors instead of integer divisions truncating negative results to 0.
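The two failure modes the commit message describes, modelled as an added C example. This is not fceux code and is not the diff of this commit: `lookup_file_offset`, `get_bank_buggy`, `get_bank_fixed` and `format_condition` are hypothetical stand-ins, the `K==#%X` format string and the 16-byte header constant are assumptions, and the ROM mapping is constructed so the example runs offline. It shows why subtracting the header before checking the -1 sentinel turns an error into "bank 0" (C truncates `-17 / 16384` to 0), why checking the sentinel first returns -1, and how a bounded formatter refuses to write a 13-byte condition string into an 8-byte buffer instead of overflowing it.

```c
#include <stdio.h>
#include <string.h>

#define INES_HEADER_SIZE 16          /* assumption: iNES header size */
#define PRG_BANK_SIZE (1 << 14)      /* 16 KiB PRG bank; NSF path uses 0x1000 */

/* Hypothetical stand-in for an address-to-file-offset lookup.
 * Returns -1 when the address cannot be mapped (e.g. no ROM loaded). */
static int lookup_file_offset(int address, int rom_loaded) {
    if (!rom_loaded)
        return -1;
    /* Constructed mapping: header, then the address offset within the bank. */
    return INES_HEADER_SIZE + (address & 0x3FFF);
}

/* Buggy ordering described in the commit: the header is subtracted before
 * the sentinel check, so a failed lookup yields -17, the `== -1` check never
 * fires, and -17 / 16384 truncates to 0, which looks like a valid bank 0. */
static int get_bank_buggy(int address, int rom_loaded) {
    int addr = lookup_file_offset(address, rom_loaded) - INES_HEADER_SIZE;
    if (addr == -1)
        return -1;                 /* unreachable on failure: addr is -17 */
    return addr / PRG_BANK_SIZE;   /* -17 / 16384 == 0 in C */
}

/* Fixed ordering: reject the error sentinel before doing any arithmetic,
 * so callers always see -1 on failure and never a truncated "bank 0". */
static int get_bank_fixed(int address, int rom_loaded) {
    int file_addr = lookup_file_offset(address, rom_loaded);
    if (file_addr < 0)
        return -1;
    return (file_addr - INES_HEADER_SIZE) / PRG_BANK_SIZE;
}

/* Bounded formatting of a breakpoint condition string (format assumed).
 * Returns 0 and fills dst on success; returns -1 and empties dst when the
 * text (plus NUL) would not fit in cap bytes, so nothing is written past it. */
static int format_condition(char *dst, size_t cap, int bank) {
    int n = snprintf(dst, cap, "K==#%X", (unsigned)bank);
    if (n < 0 || (size_t)n >= cap) {
        if (cap > 0)
            dst[0] = '\0';
        return -1;                 /* e.g. bank -1 -> "K==#FFFFFFFF" needs 13 */
    }
    return 0;
}

/* Helper for checking the formatter against a given buffer capacity. */
static int condition_fits(int bank, size_t cap) {
    char buf[32];
    if (cap > sizeof buf)
        cap = sizeof buf;
    return format_condition(buf, cap, bank);
}

int main(void) {
    char str[8];                   /* the 8-byte buffer from the report */
    printf("buggy getBank with no ROM : %d\n", get_bank_buggy(0x8000, 0));
    printf("fixed getBank with no ROM : %d\n", get_bank_fixed(0x8000, 0));
    printf("fixed getBank with ROM    : %d\n", get_bank_fixed(0x8000, 1));
    printf("format bank -1 into 8 B   : %d\n", format_condition(str, sizeof str, -1));
    printf("format bank 0 into 8 B    : %d (\"%s\")\n",
           format_condition(str, sizeof str, 0), str);
    return 0;
}
```

The ordering point is the one that matters for review: any sentinel check has to run on the raw return value, because once an offset has been subtracted the sentinel is no longer -1 and signed division will happily map the garbage to a plausible index. The formatter side shows the matching defensive habit for the caller: treat `snprintf` returning a length at or above the capacity as a failure, not as a successful truncated write.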