Forks/citra
1
0
Fork 0
mirror of https://github.com/PabloMK7/citra.git synced 2025-10-31 05:40:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

loader: check for overflow of seg_sizes[] in 3dsx loader (#6075)

Browse source
This commit is contained in:
Diego Arias 2022-07-23 12:27:55 -04:00 committed by GitHub
parent 2b2868f156
commit 357025dfdf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/core/loader/3dsx.cpp
View file

@ -111,6 +111,11 @@ static THREEDSX_Error Load3DSXFile(FileUtil::IOFile& file, u32 base_addr,
loadinfo.seg_sizes[0] = (hdr.code_seg_size + 0xFFF) & ~0xFFF; loadinfo.seg_sizes[0] = (hdr.code_seg_size + 0xFFF) & ~0xFFF;
loadinfo.seg_sizes[1] = (hdr.rodata_seg_size + 0xFFF) & ~0xFFF; loadinfo.seg_sizes[1] = (hdr.rodata_seg_size + 0xFFF) & ~0xFFF;
loadinfo.seg_sizes[2] = (hdr.data_seg_size + 0xFFF) & ~0xFFF; loadinfo.seg_sizes[2] = (hdr.data_seg_size + 0xFFF) & ~0xFFF;
// prevent integer overflow leading to heap-buffer-overflow
if (loadinfo.seg_sizes[0] < hdr.code_seg_size || loadinfo.seg_sizes[1] < hdr.rodata_seg_size ||
loadinfo.seg_sizes[2] < hdr.data_seg_size) {
return ERROR_READ;
}
u32 offsets[2] = {loadinfo.seg_sizes[0], loadinfo.seg_sizes[0] + loadinfo.seg_sizes[1]}; u32 offsets[2] = {loadinfo.seg_sizes[0], loadinfo.seg_sizes[0] + loadinfo.seg_sizes[1]};
u32 n_reloc_tables = hdr.reloc_hdr_size / sizeof(u32); u32 n_reloc_tables = hdr.reloc_hdr_size / sizeof(u32);
std::vector<u8> program_image(loadinfo.seg_sizes[0] + loadinfo.seg_sizes[1] + std::vector<u8> program_image(loadinfo.seg_sizes[0] + loadinfo.seg_sizes[1] +