piwalker/dolphin
1
0
Fork 0
mirror of https://github.com/dolphin-emu/dolphin.git synced 2025-07-24 14:49:42 -06:00
Code Issues Packages Projects Releases Wiki Activity

DSPDisassembler: Fix out-of-bounds read when the last word is an instruction with a large immediate

Browse Source 
For instance, ending with 0x009e (which you can do with CW 0x009e) indicates a LRI $ac0.m instruction, but there is no immediate value to load, so before whatever garbage in memory existed after the end of the file was used.

The bounds-checking also previously assumed that IRAM or IROM was being used, both of which were exactly 0x1000 long.
This commit is contained in:
Pokechu22
2022-06-13 18:34:17 -07:00
parent dc353ed84d
commit cad9801ded
4 changed files with 34 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Source/Core/Core/HW/DSPLLE/DSPSymbols.cpp
View File

@ -77,13 +77,15 @@ void AutoDisassembly(const SDSP& dsp, u16 start_addr, u16 end_addr)
u16 addr = start_addr;
const u16* ptr = (start_addr >> 15) != 0 ? dsp.irom : dsp.iram;
constexpr size_t size = DSP_IROM_SIZE;
static_assert(size == DSP_IRAM_SIZE);
while (addr < end_addr)
{
line_to_addr[line_counter] = addr;
addr_to_line[addr] = line_counter;
std::string buf;
if (!disasm.DisassembleOpcode(ptr, &addr, buf))
if (!disasm.DisassembleOpcode(ptr, size, &addr, buf))
{
ERROR_LOG_FMT(DSPLLE, "disasm failed at {:04x}", addr);
break;