piwalker/dolphin
1
0
Fork 0
mirror of https://github.com/dolphin-emu/dolphin.git synced 2025-07-21 05:09:34 -06:00
Code Issues Packages Projects Releases Wiki Activity

Common/PointerWrap: Prevent reads/writes past the end of the buffer.

Browse Source
This commit is contained in:
Admiral H. Curtiss
2022-04-18 04:13:25 +02:00
parent 853cf4f818
commit ef760ee012
4 changed files with 51 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
Source/Core/UICommon/GameFileCache.cpp
View File

@ -230,14 +230,14 @@ bool GameFileCache::SyncCacheFile(bool save)
{
// Measure the size of the buffer.
u8* ptr = nullptr;
PointerWrap p(&ptr, PointerWrap::MODE_MEASURE);
DoState(&p);
PointerWrap p_measure(&ptr, 0, PointerWrap::MODE_MEASURE);
DoState(&p_measure);
const size_t buffer_size = reinterpret_cast<size_t>(ptr);
// Then actually do the write.
std::vector<u8> buffer(buffer_size);
ptr = &buffer[0];
p.SetMode(PointerWrap::MODE_WRITE);
ptr = buffer.data();
PointerWrap p(&ptr, buffer_size, PointerWrap::MODE_WRITE);
DoState(&p, buffer_size);
if (f.WriteBytes(buffer.data(), buffer.size()))
success = true;
@ -248,7 +248,7 @@ bool GameFileCache::SyncCacheFile(bool save)
if (!buffer.empty() && f.ReadBytes(buffer.data(), buffer.size()))
{
u8* ptr = buffer.data();
PointerWrap p(&ptr, PointerWrap::MODE_READ);
PointerWrap p(&ptr, buffer.size(), PointerWrap::MODE_READ);
DoState(&p, buffer.size());
if (p.GetMode() == PointerWrap::MODE_READ)
success = true;