IR.EXE bug, probably a buffer overflow

[johnsfine]

I wanted to test a bunch of Sharp VCR commands from other models, so I added them to my rmdu file and mapped a LOT of buttons.

I paste into IR.EXE's "Upgrade Device" window. When I press OK, the program (IR.EXE) goes away.

I'll experiment later to see if it's a bad ilegal character or simply too big.

What I was pasting was:

Upgrade code 0 = 20 30 (VCR/0048) (RM v1.18)
1c 0d 3e fe fe e1 3c
88 48 68 2c c8 13 b8 38 99 39 b9 d9 59 04 b1 44
a4 c4 84 e4 14 21 11
KeyMoves
9f f3 20 30 21«Cancel: Cancels progams / Clears counter»¦
b0 f3 20 30 98«Timer on/off»¦
a0 f3 20 30 d0«am/pm-./.: VC-FM1GM»¦
a3 f3 20 30 31«Display: Front of VCR»¦
8c f3 20 30 8c«X2»¦
8f f3 20 30 94«Slow»¦
8b f3 20 30 c1«Zero back»¦
8d f3 20 30 f8«Tape Speed»¦
8e f3 20 30 cc«Eject»¦
25 f3 20 30 18«SAP on/off»¦
26 f3 20 30 54«super: VC-FM1GM»¦
27 f3 20 30 81«ent: VC-320E»¦
28 f3 20 30 24«F.adv»¦
a8 f3 20 30 b0«Tamper Proof»¦
2a f3 20 30 0c«DPSS(-)»¦
aa f3 20 30 19«menu: VC-FM1GM»¦
2b f3 20 30 f4«DPSS(+)»¦
ab f3 20 30 03«sv/v+: VC-FM1GM»¦
2c f3 20 30 61«-: ???»¦
ac f3 20 30 09«Skip search»¦
2d f3 20 30 a1«+: ???»¦
ad f3 20 30 08«Auto Repeat»
End

[johnsfine]

Correction. It is not directly a buffer overflow, nor an illegal character.

I can paste that whole thing in perfectly, if I first remove all previous versions of those KeyMoves. The crash occurs when some of those KeyMoves were already present.

A different bug seems to be triggered if I add this upgrade to an empty config of 15-2104.

It seems to work if I add it to my working config after deleting all the keymoves in its device mode. It then crashes if I edit or add it again.


I don't have time now to continue testing.