From 096d9ebba8738a9851ca07032968b6f63b8ff6d6 Mon Sep 17 00:00:00 2001
From: tildearrow <me@tildearrow.org>
Date: Thu, 6 Feb 2025 14:09:16 -0500
Subject: [PATCH] GUI: command stream player memory safety

---
 src/gui/csPlayer.cpp | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/gui/csPlayer.cpp b/src/gui/csPlayer.cpp
index f95bddeb2..d35a35816 100644
--- a/src/gui/csPlayer.cpp
+++ b/src/gui/csPlayer.cpp
@@ -22,7 +22,6 @@
 #include "imgui.h"
 #include "guiConst.h"
 
-// TODO: memory safety
 String disasmCmd(unsigned char* buf, size_t bufLen, unsigned int addr) {
   if (addr>=bufLen) return "???";
 
@@ -42,39 +41,51 @@ String disasmCmd(unsigned char* buf, size_t bufLen, unsigned int addr) {
       return "mrel";
       break;
     case 0xb8:
+      if (addr+1>=bufLen) return "???";
       return fmt::sprintf("ins $%.2x",(int)buf[addr+1]);
       break;
     case 0xbe:
+      if (addr+2>=bufLen) return "???";
       return fmt::sprintf("pan $%x, $%x",(int)buf[addr+1],(int)buf[addr+2]);
       break;
     case 0xc0:
+      if (addr+1>=bufLen) return "???";
       return fmt::sprintf("preporta $%.2x",(int)buf[addr+1]);
       break;
     case 0xc2:
+      if (addr+2>=bufLen) return "???";
       return fmt::sprintf("vib %d, %d",(int)buf[addr+1],(int)buf[addr+2]);
       break;
     case 0xc3:
+      if (addr+1>=bufLen) return "???";
       return fmt::sprintf("vibrange %d",(int)buf[addr+1]);
       break;
     case 0xc4:
+      if (addr+1>=bufLen) return "???";
       return fmt::sprintf("vibshape %d",(int)buf[addr+1]);
       break;
     case 0xc5:
+      if (addr+1>=bufLen) return "???";
       return fmt::sprintf("pitch $%.2x",(int)buf[addr+1]);
       break;
     case 0xc6:
+      if (addr+2>=bufLen) return "???";
       return fmt::sprintf("arp %d, %d",(int)buf[addr+1],(int)buf[addr+2]);
       break;
     case 0xc7:
+      if (addr+1>=bufLen) return "???";
       return fmt::sprintf("vol $%.2x",(int)buf[addr+1]);
       break;
     case 0xc8:
+      if (addr+2>=bufLen) return "???";
       return fmt::sprintf("volslide %d",(int)((short)(buf[addr+1]|(buf[addr+2]<<8))));
       break;
     case 0xc9:
+      if (addr+2>=bufLen) return "???";
       return fmt::sprintf("porta %d, %d",(int)buf[addr+1],(int)buf[addr+2]);
       break;
     case 0xca:
+      if (addr+1>=bufLen) return "???";
       return fmt::sprintf("legato %d",(int)buf[addr+1]);
       break;
     case 0xe0: case 0xe1: case 0xe2: case 0xe3:
@@ -84,9 +95,11 @@ String disasmCmd(unsigned char* buf, size_t bufLen, unsigned int addr) {
       return fmt::sprintf("qwait (%d)",(int)(buf[addr]-0xe0));
       break;
     case 0xfc:
+      if (addr+2>=bufLen) return "???";
       return fmt::sprintf("waits %d",(int)(buf[addr+1]|(buf[addr+2]<<8)));
       break;
     case 0xfd:
+      if (addr+1>=bufLen) return "???";
       return fmt::sprintf("waitc %d",(int)buf[addr+1]);
       break;
     case 0xfe: