From e47c37bd98653613cc1566ba0eafc53c5d9f0ccb Mon Sep 17 00:00:00 2001
From: JetSetIlly <stephen.t.illingworth@gmail.com>
Date: Wed, 17 Apr 2024 10:22:46 +0100
Subject: [PATCH] size check for CDF data

---
 hardware/memory/cartridge/cdf/cdf.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hardware/memory/cartridge/cdf/cdf.go b/hardware/memory/cartridge/cdf/cdf.go
index 45fc786a..fe9e753b 100644
--- a/hardware/memory/cartridge/cdf/cdf.go
+++ b/hardware/memory/cartridge/cdf/cdf.go
@@ -90,6 +90,11 @@ func NewCDF(env *environment.Environment, loader cartridgeloader.Loader, version
 		yieldHook: coprocessor.StubCartYieldHook{},
 	}
 
+	// size check
+	if cart.NumBanks()*cart.bankSize > loader.Size() {
+		return nil, fmt.Errorf("CDF: not enough bytes in cartridge data")
+	}
+
 	cart.version, err = newVersion(env.Prefs.ARM.Model.Get().(string), version, data)
 	if err != nil {
 		return nil, fmt.Errorf("CDF: %w", err)