Check TMD sizes using the actual constant

0x49e4 is the actual maximum TMD size (which is checked against in ES). IsValidTMDSize is added to ESFormats to avoid duplicating the constant.
2025-07-23 06:09:50 -06:00 · 2017-05-26 11:23:11 +02:00
parent f4190ab1c4
commit b5a2f34a37
5 changed files with 18 additions and 7 deletions
--- a/Source/Core/DiscIO/VolumeWad.cpp
+++ b/Source/Core/DiscIO/VolumeWad.cpp
@ -41,7 +41,7 @@ CVolumeWAD::CVolumeWAD(std::unique_ptr<IBlobReader> reader) : m_reader(std::move
  m_opening_bnr_offset =
      m_tmd_offset + Common::AlignUp(m_tmd_size, 0x40) + Common::AlignUp(m_data_size, 0x40);

-  if (m_tmd_size > 1024 * 1024 * 4)
+  if (!IOS::ES::IsValidTMDSize(m_tmd_size))
  {
    ERROR_LOG(DISCIO, "TMD is too large: %u bytes", m_tmd_size);
    return;
--- a/Source/Core/DiscIO/VolumeWiiCrypted.cpp
+++ b/Source/Core/DiscIO/VolumeWiiCrypted.cpp
@ -81,13 +81,11 @@ CVolumeWiiCrypted::CVolumeWiiCrypted(std::unique_ptr<IBlobReader> reader)
      if (!m_pReader->ReadSwapped(partition_offset + 0x2a8, &tmd_address))
        continue;
      tmd_address <<= 2;
-      if (tmd_size > 1024 * 1024 * 4)
+      if (!IOS::ES::IsValidTMDSize(tmd_size))
      {
-        // The size is checked so that a malicious or corrupt ISO
-        // can't force Dolphin to allocate up to 4 GiB of memory.
-        // 4 MiB should be much bigger than the size of TMDs and much smaller
-        // than the amount of RAM in a computer that can run Dolphin.
-        PanicAlert("TMD > 4 MiB");
+        // This check is normally done by ES in ES_DiVerify, but that would happen too late
+        // (after allocating the buffer), so we do the check here.
+        PanicAlert("Invalid TMD size");
        continue;
      }
      std::vector<u8> tmd_buffer(tmd_size);