From bf546fbfcbf87f7ce44a36f8696ff5acd15f6817 Mon Sep 17 00:00:00 2001
From: Solomon Peachy <pizza@shaftnet.org>
Date: Sat, 18 Apr 2020 10:23:26 -0400
Subject: Run-time validation of INT settings.

Check against min/max/step parameters

Many places this value is used as an index into an array; this will
help prevent array overflows and undefined/undesireable behavior.

Some fields accept arbitary values, continue to accept those.

Change-Id: Idbb5a17b7ceae5500660987703e2d6c16e920c92
---
 apps/settings.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'apps/settings.c')

diff --git a/apps/settings.c b/apps/settings.c
index 2841133957..32391a1f53 100644
--- a/apps/settings.c
+++ b/apps/settings.c
@@ -311,7 +311,13 @@ bool settings_load_config(const char* file, bool apply)
 #endif
                             if (settings[i].cfg_vals == NULL)
                         {
-                            *(int*)settings[i].setting = atoi(value);
+                            if (settings[i].flags&F_ALLOW_ARBITRARY_VALS ||
+                                (temp >= settings[i].int_setting->min &&
+                                 temp <= settings[i].int_setting->max &&
+                                 temp % settings[i].int_setting->step == 0))
+                            {
+                                *(int*)settings[i].setting = atoi(value);
+                            }
                         }
                         else
                         {
-- 
cgit v1.2.3