core: reduce TOCTTOU memory access

author: Liam 2023-07-14 22:32:24 -0400
committer: Liam 2023-07-22 11:19:29 -0400
commit: 9f3f615e054663fd6e538fa2db86271b467a6bfd (patch)
tree: 1c826b4de5fc2b51cbade16a6fedb969df8b437d /src/core/hle/kernel
parent: memory: minimize dependency on process (diff)
download: yuzu-9f3f615e054663fd6e538fa2db86271b467a6bfd.tar.gz
yuzu-9f3f615e054663fd6e538fa2db86271b467a6bfd.tar.xz
yuzu-9f3f615e054663fd6e538fa2db86271b467a6bfd.zip
2 files changed, 8 insertions, 14 deletions
diff --git a/src/core/hle/kernel/svc/svc_ipc.cpp b/src/core/hle/kernel/svc/svc_ipc.cpp
index bb94f6934..373ae7c8d 100644
--- a/src/core/hle/kernel/svc/svc_ipc.cpp
+++ b/src/core/hle/kernel/svc/svc_ipc.cpp
@@ -8,6 +8,7 @@
 #include "core/hle/kernel/k_process.h"
 #include "core/hle/kernel/k_server_session.h"
 #include "core/hle/kernel/svc.h"
+#include "core/hle/kernel/svc_results.h"
 namespace Kernel::Svc {
@@ -49,14 +50,10 @@ Result ReplyAndReceive(Core::System& system, s32* out_index, uint64_t handles_ad
    // Copy user handles.
    if (num_handles > 0) {
-        // Ensure we can try to get the handles.
-        R_UNLESS(GetCurrentMemory(kernel).IsValidVirtualAddressRange(
-                     handles_addr, static_cast<u64>(sizeof(Handle) * num_handles)),
-                 ResultInvalidPointer);
        // Get the handles.
-        GetCurrentMemory(kernel).ReadBlock(handles_addr, handles.data(),
+        R_UNLESS(GetCurrentMemory(kernel).ReadBlock(handles_addr, handles.data(),
-                                           sizeof(Handle) * num_handles);
+                                                    sizeof(Handle) * num_handles),
+                 ResultInvalidPointer);
        // Convert the handles to objects.
        R_UNLESS(handle_table.GetMultipleObjects<KSynchronizationObject>(
diff --git a/src/core/hle/kernel/svc/svc_synchronization.cpp b/src/core/hle/kernel/svc/svc_synchronization.cpp
index f02d03f30..366e8ed4a 100644
--- a/src/core/hle/kernel/svc/svc_synchronization.cpp
+++ b/src/core/hle/kernel/svc/svc_synchronization.cpp
@@ -7,6 +7,7 @@
 #include "core/hle/kernel/k_process.h"
 #include "core/hle/kernel/k_readable_event.h"
 #include "core/hle/kernel/svc.h"
+#include "core/hle/kernel/svc_results.h"
 namespace Kernel::Svc {
@@ -64,14 +65,10 @@ Result WaitSynchronization(Core::System& system, int32_t* out_index, u64 user_ha
    // Copy user handles.
    if (num_handles > 0) {
-        // Ensure we can try to get the handles.
-        R_UNLESS(GetCurrentMemory(kernel).IsValidVirtualAddressRange(
-                     user_handles, static_cast<u64>(sizeof(Handle) * num_handles)),
-                 ResultInvalidPointer);
        // Get the handles.
-        GetCurrentMemory(kernel).ReadBlock(user_handles, handles.data(),
+        R_UNLESS(GetCurrentMemory(kernel).ReadBlock(user_handles, handles.data(),
-                                           sizeof(Handle) * num_handles);
+                                                    sizeof(Handle) * num_handles),
+                 ResultInvalidPointer);
        // Convert the handles to objects.
        R_UNLESS(handle_table.GetMultipleObjects<KSynchronizationObject>(
author	Liam	2023-07-14 22:32:24 -0400
committer	Liam	2023-07-22 11:19:29 -0400
commit	9f3f615e054663fd6e538fa2db86271b467a6bfd (patch)
tree	1c826b4de5fc2b51cbade16a6fedb969df8b437d /src/core/hle/kernel
parent	memory: minimize dependency on process (diff)
download	yuzu-9f3f615e054663fd6e538fa2db86271b467a6bfd.tar.gz yuzu-9f3f615e054663fd6e538fa2db86271b467a6bfd.tar.xz yuzu-9f3f615e054663fd6e538fa2db86271b467a6bfd.zip