Close some security holes.

src/devices/file.c

@@ -150,6 +150,8 @@ file_deo(Device *d, Uint8 port)
 	case 0x5:
 		DEVPEEK16(a, 0x4);
 		DEVPEEK16(b, 0xa);
+		if(b > 0x10000 - a)
+			b = 0x10000 - a;
 		res = file_stat(&d->u->ram[a], b);
 		DEVPOKE16(0x2, res);
 		break;
@@ -165,12 +167,16 @@ file_deo(Device *d, Uint8 port)
 	case 0xd:
 		DEVPEEK16(a, 0xc);
 		DEVPEEK16(b, 0xa);
+		if(b > 0x10000 - a)
+			b = 0x10000 - a;
 		res = file_read(&d->u->ram[a], b);
 		DEVPOKE16(0x2, res);
 		break;
 	case 0xf:
 		DEVPEEK16(a, 0xe);
 		DEVPEEK16(b, 0xa);
+		if(b > 0x10000 - a)
+			b = 0x10000 - a;
 		res = file_write(&d->u->ram[a], b, d->dat[0x7]);
 		DEVPOKE16(0x2, res);
 		break;

src/devices/screen.c

@@ -163,6 +163,8 @@ screen_deo(Device *d, Uint8 port)
 		DEVPEEK16(x, 0x8);
 		DEVPEEK16(y, 0xa);
 		DEVPEEK16(addr, 0xc);
+		if(addr > 0xfff8 - twobpp * 8)
+			return;
 		screen_blit(&uxn_screen, layer, x, y, &d->u->ram[addr], d->dat[0xf] & 0xf, d->dat[0xf] & 0x10, d->dat[0xf] & 0x20, twobpp);
 		if(d->dat[0x6] & 0x04) DEVPOKE16(0xc, addr + 8 + twobpp * 8); /* auto addr+length */
 		if(d->dat[0x6] & 0x01) DEVPOKE16(0x8, x + 8);                 /* auto x+8 */

src/uxnemu.c

@@ -205,6 +205,8 @@ audio_deo(Device *d, Uint8 port)
 		DEVPEEK16(adsr, 0x8);
 		DEVPEEK16(c->len, 0xa);
 		DEVPEEK16(addr, 0xc);
+		if(c->len > 0x10000 - addr)
+			c->len = 0x10000 - addr;
 		c->addr = &d->u->ram[addr];
 		c->volume[0] = d->dat[0xe] >> 4;
 		c->volume[1] = d->dat[0xe] & 0xf;