Add Bounds Check to md.asm, Issue #560

Added checks to prevent HBIOS API read/write calls from access RAM or ROM banks outside of the banks allocated for RAM/ROM disk.
2026-02-06 14:11:48 -06:00 · 2025-05-31 17:25:44 -07:00
parent 0d0360b277
commit 2f5cf8fce4
2 changed files with 35 additions and 1 deletions
--- a/Source/HBIOS/md.asm
+++ b/Source/HBIOS/md.asm
@@ -359,6 +359,7 @@ MD_RDSECF:				; CALLED FROM MD_RW
 					; SAVE THE 4K LBA FOR FUTURE CHECKS
 ;
 	CALL	MD_CALBAS		; SETUP BANK AND SECTOR
+	RET	NZ			; RETURN IF ERROR
 ;
 	LD	IX,MD_F4KBUF		; SET DESTINATION ADDRESS
 	LD	HL,MD_FREAD_R		; PUT ROUTINE TO CALL
@@ -467,7 +468,18 @@ MD_CALBAS:
 	CALL	PRTHEXWORD		; DISPLAY BANK AND
 	CALL	PC_SPACE		; SECTOR RESULT
 #ENDIF
-
+;
+	; CHECK FOR ACCESS BEYOND AVAILABLE ROM BANKS
+	LD	A,B			; BANK ID TO ACCUM
+	SUB	BID_ROMD0		; ZERO OFFSET
+	CP	ROMD_BNKS		; CHECK FOR OUT OF BOUNDS
+	JR	C,MD_CALBAS1		; IF NOT, CONTINUE
+	LD	A,ERR_IO		; ELSE SIGNAL IO ERROR
+	OR	A			; SET FLAGS
+	RET				; AND RETURN
+;
+MD_CALBAS1:
+	XOR	A			; SIGNAL SUCCESS
 	RET
 ;
 ; WRITE FLASH
@@ -485,6 +497,7 @@ MD_WRSECF:				; CALLED FROM MD_RW
 	LD	(MD_LBA4K),BC		; SAVE 4K LBA
 ;
 	CALL	MD_CALBAS		; SETUP BANK AND SECTOR
+	RET	NZ			; RETURN ON ERROR
 ;
 	LD	IX,MD_F4KBUF		; SET DESTINATION ADDRESS
 	LD	HL,MD_FREAD_R		; PUT ROUTINE TO CALL
@@ -566,6 +579,12 @@ MD_FBAS		.DW	$FFFF		; BANK AND SECTOR
 ;
 MD_RDSEC:
 	CALL	MD_IOSETUP		; SETUP FOR MEMORY COPY
+	CP	$FF			; ERROR?
+	JR	NZ,MD_RDSEC1		; IF NOT, CONTINUE
+	LD	A,ERR_IO		; SIGNAL IO ERROR
+	OR	A			; SET FLAGS
+	RET				; AND DONE
+MD_RDSEC1:
 #IF (MDTRACE >= 2)
 	LD	(MD_SRC),HL
 	LD	(MD_DST),DE
@@ -597,6 +616,12 @@ MD_RDSEC:
 ;
 MD_WRSEC:
 	CALL	MD_IOSETUP		; SETUP FOR MEMORY COPY
+	CP	$FF			; ERROR?
+	JR	NZ,MD_WRSEC1		; IF NOT, CONTINUE
+	LD	A,ERR_IO		; SIGNAL IO ERROR
+	OR	A			; SET FLAGS
+	RET				; AND DONE
+MD_WRSEC1:
 	EX	DE,HL			; SWAP SRC/DEST FOR WRITE
 #IF (MDTRACE >= 2)
 	LD	(MD_SRC),HL
@@ -682,13 +707,21 @@ MD_IOSETUP:
 	JR	Z,MD_IOSETUP2		; DO ROM DRIVE, ELSE FALL THRU FOR RAM DRIVE
 ;
 MD_IOSETUP1:	; ROM
+	CP	ROMD_BNKS		; WITHIN AVAILABLE ROM DISK BANKS?
+	JR	NC,MD_IOSETUP3		; HANDLE OUT OF BOUNDS
 	ADD	A,BID_ROMD0
 	RET
 ;
 MD_IOSETUP2:	; RAM
+	CP	RAMD_BNKS		; WITHIN AVAILABLE ROM DISK BANKS?
+	JR	NC,MD_IOSETUP3		; HANDLE OUT OF BOUNDS
 	ADD	A,BID_RAMD0
 	RET
 ;
+MD_IOSETUP3:
+	OR	$FF			; SIGNAL ERROR
+	RET				; DONE
+;
 ;
 ;
 #IF (MDTRACE >= 2)