Fix heap buffer overflow in GCMemcardRaw

Nicola Vella 2023-10-06 19:30:03 +02:00
parent 1c433d5f3f
commit 31dfb53152
2 changed files with 4 additions and 4 deletions


@ -169,7 +169,7 @@ void MemoryCard::MakeDirty()
s32 MemoryCard::Read(u32 src_address, s32 length, u8* dest_address) s32 MemoryCard::Read(u32 src_address, s32 length, u8* dest_address)
{ {
if (!IsAddressInBounds(src_address)) if (!IsAddressInBounds(src_address, length))
{ {
PanicAlertFmtT("MemoryCard: Read called with invalid source address ({0:#x})", src_address); PanicAlertFmtT("MemoryCard: Read called with invalid source address ({0:#x})", src_address);
return -1; return -1;
@ -181,7 +181,7 @@ s32 MemoryCard::Read(u32 src_address, s32 length, u8* dest_address)
s32 MemoryCard::Write(u32 dest_address, s32 length, const u8* src_address) s32 MemoryCard::Write(u32 dest_address, s32 length, const u8* src_address)
{ {
if (!IsAddressInBounds(dest_address)) if (!IsAddressInBounds(dest_address, length))
{ {
PanicAlertFmtT("MemoryCard: Write called with invalid destination address ({0:#x})", PanicAlertFmtT("MemoryCard: Write called with invalid destination address ({0:#x})",
dest_address); dest_address);
@ -198,7 +198,7 @@ s32 MemoryCard::Write(u32 dest_address, s32 length, const u8* src_address)
void MemoryCard::ClearBlock(u32 address) void MemoryCard::ClearBlock(u32 address)
{ {
if (address & (Memcard::BLOCK_SIZE - 1) || !IsAddressInBounds(address)) if (address & (Memcard::BLOCK_SIZE - 1) || !IsAddressInBounds(address, Memcard::BLOCK_SIZE))
{ {
PanicAlertFmtT("MemoryCard: ClearBlock called on invalid address ({0:#x})", address); PanicAlertFmtT("MemoryCard: ClearBlock called on invalid address ({0:#x})", address);
return; return;
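Review bot: `length` is an `s32` in `Read` and `Write` but is passed straight to the new `u32 length` parameter of `IsAddressInBounds`, so a negative length is converted to a large unsigned value instead of being rejected. Because the helper adds it to the address in 32-bit unsigned arithmetic, the sum can wrap and pass the check, and the copy that presumably follows outside these hunks would then receive the negative length. Rejecting it up front keeps the check meaningful: `if (length < 0 || !IsAddressInBounds(src_address, static_cast<u32>(length)))`, and the same for `dest_address` in `Write`. The panic messages could also report the length, since an in-range address with an over-long length now triggers them. The bodies of all three functions continue outside the hunks.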


@ -30,7 +30,7 @@ public:
void DoState(PointerWrap& p) override; void DoState(PointerWrap& p) override;
private: private:
bool IsAddressInBounds(u32 address) const { return address <= (m_memory_card_size - 1); } bool IsAddressInBounds(u32 address, u32 length) const { return address + length <= (m_memory_card_size - 1); }
std::string m_filename; std::string m_filename;
std::unique_ptr<u8[]> m_memcard_data; std::unique_ptr<u8[]> m_memcard_data;
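Review bot: The new `IsAddressInBounds` computes `address + length` in `u32`, so a large address or length wraps around and can compare as in bounds. It also compares against `m_memory_card_size - 1`, which rejects an access that ends exactly at the end of the card (for example `ClearBlock` on the last block, as far as the call sites show). An overflow-free form avoids both: `return length <= m_memory_card_size && address <= m_memory_card_size - length;`. This assumes `m_memory_card_size` is an unsigned 32-bit size, whose declaration is not visible in this hunk. A short comment stating that the checked range is `[address, address + length)` would make the contract explicit.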