Memmap: Replace GetPointer with GetSpanForAddress

To ensure memory safety, callers of GetPointer have to perform a bounds
check. But how is this bounds check supposed to be performed?
GetPointerForRange contained one implementation of a bounds check, but
it was cumbersome, and it also isn't obvious why it's correct.

To make doing the right thing easier, this commit changes GetPointer to
return a span that tells the caller how many bytes it's allowed to
access.
This commit is contained in:
JosJuice
2024-04-13 12:08:43 +02:00
parent 017f72f43e
commit 5c9bb80638
5 changed files with 53 additions and 25 deletions

View File

@ -3,6 +3,8 @@
#include "VideoCommon/TextureInfo.h"
#include <span>
#include <fmt/format.h>
#include <xxhash.h>
@ -47,8 +49,10 @@ TextureInfo TextureInfo::FromStage(u32 stage)
auto& system = Core::System::GetInstance();
auto& memory = system.GetMemory();
return TextureInfo(stage, memory.GetPointer(address), tlut_ptr, address, texture_format,
tlut_format, width, height, false, nullptr, nullptr, mip_count);
// TODO: For memory safety, we need to check the size of this span
std::span<const u8> span = memory.GetSpanForAddress(address);
return TextureInfo(stage, span.data(), tlut_ptr, address, texture_format, tlut_format, width,
height, false, nullptr, nullptr, mip_count);
}
TextureInfo::TextureInfo(u32 stage, const u8* ptr, const u8* tlut_ptr, u32 address,