authorGravatar Narr the Reg2024-01-01 13:56:06 -0600
committerGravatar GitHub2024-01-01 13:56:06 -0600
commit4d49f095b3bee2a417b462f675d398d563b5b37d (patch)
tree719495d487ff3c3d6549a3ae7d2d89d2a485180c /src
parentMerge pull request #12513 from liamwhite/jit-fix (diff)
parentips_layer: prevent out of bounds access with offset exceeding module size (diff)
Merge pull request #12501 from liamwhite/ips
ips_layer: prevent out of bounds access with offset exceeding module size
Diffstat (limited to 'src')
-rw-r--r--src/core/file_sys/ips_layer.cpp7
1 files changed, 7 insertions, 0 deletions
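--- a/src/core/file_sys/ips_layer.cpp
+++ b/src/core/file_sys/ips_layer.cpp
@@ -73,6 +73,9 @@ VirtualFile PatchIPS(const VirtualFile& in, const VirtualFile& ips) {
 return nullptr;
 
 auto in_data = in->ReadAllBytes();
+if (in_data.size() == 0) {
+return nullptr;
+}
 
 std::vector<u8> temp(type == IPSFileType::IPS ? 3 : 4);
 u64 offset = 5; // After header
@@ -88,6 +91,10 @@ VirtualFile PatchIPS(const VirtualFile& in, const VirtualFile& ips) {
 else
 real_offset = (temp[0] << 16) | (temp[1] << 8) | temp[2];
 
+if (real_offset > in_data.size()) {
+return nullptr;
+}
+
 u16 data_size{};
 if (ips->ReadObject(&data_size, offset) != sizeof(u16))
 return nullptr;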
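Review bot: The added `if (real_offset > in_data.size())` guard in the second hunk bounds only where a patch record starts, not how far it extends. The `data_size` read just below it is never compared against the space left in `in_data` within the visible lines, so the write path after the hunk still has to limit its length to `in_data.size() - real_offset`; that code is not shown here and should be confirmed. The comparison also accepts `real_offset == in_data.size()`, so the later copy must tolerate a zero-byte remainder. Since the offset is parsed from the patch file, I would document the intent on the guard, e.g. `// Offsets come from the patch file and are untrusted; reject records that start past the end of the input.` PatchIPS begins and ends outside both hunks.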