Memmap: Replace GetPointer with GetSpanForAddress

To ensure memory safety, callers of GetPointer have to perform a bounds check. But how is this bounds check supposed to be performed? GetPointerForRange contained one implementation of a bounds check, but it was cumbersome, and it also isn't obvious why it's correct. To make doing the right thing easier, this commit changes GetPointer to return a span that tells the caller how many bytes it's allowed to access.
2025-07-25 15:19:42 -06:00 · 2024-04-13 12:08:43 +02:00
parent 017f72f43e
commit 5c9bb80638
5 changed files with 53 additions and 25 deletions
--- a/Source/Core/VideoCommon/TextureInfo.cpp
+++ b/Source/Core/VideoCommon/TextureInfo.cpp
@ -3,6 +3,8 @@

 #include "VideoCommon/TextureInfo.h"

+#include <span>
+
 #include <fmt/format.h>
 #include <xxhash.h>

@ -47,8 +49,10 @@ TextureInfo TextureInfo::FromStage(u32 stage)

  auto& system = Core::System::GetInstance();
  auto& memory = system.GetMemory();
-  return TextureInfo(stage, memory.GetPointer(address), tlut_ptr, address, texture_format,
-                     tlut_format, width, height, false, nullptr, nullptr, mip_count);
+  // TODO: For memory safety, we need to check the size of this span
+  std::span<const u8> span = memory.GetSpanForAddress(address);
+  return TextureInfo(stage, span.data(), tlut_ptr, address, texture_format, tlut_format, width,
+                     height, false, nullptr, nullptr, mip_count);
 }

 TextureInfo::TextureInfo(u32 stage, const u8* ptr, const u8* tlut_ptr, u32 address,