Skip to content

Media History: stored write-protected media removed when machine starts#6918

Merged
OBattler merged 2 commits into
86Box:masterfrom
bozoscum:master
Mar 12, 2026
Merged

Media History: stored write-protected media removed when machine starts#6918
OBattler merged 2 commits into
86Box:masterfrom
bozoscum:master

Conversation

@bozoscum

@bozoscum bozoscum commented Mar 12, 2026

Copy link
Copy Markdown
Contributor

Summary

write-protected media other than which located in the machine folder being removed by Media History Manager due to 'wp://' is not positioned at the beginning of stored path in the machine configuration file.

eg. stored as ../../wp://disk/floppy.img instead of wp://../../disk/floppy.img

all the codes expect the beginning 5 character to be 'wp://' for write-protected but not in the middle of the path string

Checklist

References

N/A

@bozoscum bozoscum marked this pull request as ready for review March 12, 2026 08:55
@OBattler

Copy link
Copy Markdown
Member

Because that's the intented usage, it's a prefix, similar to http:// or ftp://, not something intended to be used in the middle of a path.

@OBattler

Copy link
Copy Markdown
Member

Wait, I just noticed that I messed up in the implementation and you corrected it, thanks!

@OBattler OBattler merged commit 9aec32c into 86Box:master Mar 12, 2026
44 checks passed
Comment thread src/config.c
/* Do not relativize to root. */
else if ((above2 != NULL) && (above3 != NULL) && !strnicmp(src, above2, strlen(above2)))
sprintf(temp, "../../%s%s", prefix, &src[strlen(above2)]);
sprintf(temp, "%s../../%s", prefix, &src[strlen(above2)]);

Check failure

Code scanning / CodeQL

Unbounded write Critical

This 'call to sprintf' with input from a command-line argument may overflow the destination.
Comment thread src/config.c
/* Do not relativize to root. */
else if ((above != NULL) && (above2 != NULL) && !strnicmp(src, above, strlen(above)))
sprintf(temp, "../%s%s", prefix, &src[strlen(above)]);
sprintf(temp, "%s../%s", prefix, &src[strlen(above)]);

Check failure

Code scanning / CodeQL

Unbounded write Critical

This 'call to sprintf' with input from a command-line argument may overflow the destination.
Comment thread src/config.c
sprintf(temp, "%s../%s", prefix, &src[strlen(above)]);
else if (!strnicmp(src, exe_path, strlen(exe_path)))
sprintf(temp, "<exe_path>/%s%s", prefix, &src[strlen(exe_path)]);
sprintf(temp, "%s<exe_path>/%s", prefix, &src[strlen(exe_path)]);

Check failure

Code scanning / CodeQL

Unbounded write Critical

This 'call to sprintf' with input from a command-line argument may overflow the destination.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants