| author | 2018-09-13 19:09:04 -0400 | |
|---|---|---|
| committer | 2018-09-13 21:34:48 -0400 | |
| commit | 7bd2faad9a41a04d81e5b33d454ca01d9eb650e0 (patch) | |
| tree | 79e5e5b17f95e21eef659d9ca9d2f7638d418c97 /src | |
| parent | Merge pull request #1308 from valentinvanelslande/ipc (diff) | |
kernel/svc: Sanitize heap sizes within svcSetHeapSize()
The kernel checks that the given size is a multiple of 2MB and less than or equal to 4GB
before going ahead and attempting to allocate that much memory.
Diffstat (limited to 'src')
| -rw-r--r-- | src/core/hle/kernel/errors.h | 2 | ||||
| -rw-r--r-- | src/core/hle/kernel/svc.cpp | 6 |
2 files changed, 8 insertions, 0 deletions
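--- a/src/core/hle/kernel/errors.h
+++ b/src/core/hle/kernel/errors.h
@@ -17,6 +17,7 @@ enum {
 
 // Confirmed Switch OS error codes
 MaxConnectionsReached = 7,
+InvalidSize = 101,
 InvalidAddress = 102,
 HandleTableFull = 105,
 InvalidMemoryState = 106,
@@ -55,6 +56,7 @@ constexpr ResultCode ERR_INVALID_MEMORY_PERMISSIONS(ErrorModule::Kernel,
 ErrCodes::InvalidMemoryPermissions);
 constexpr ResultCode ERR_INVALID_HANDLE(ErrorModule::Kernel, ErrCodes::InvalidHandle);
 constexpr ResultCode ERR_INVALID_PROCESSOR_ID(ErrorModule::Kernel, ErrCodes::InvalidProcessorId);
+constexpr ResultCode ERR_INVALID_SIZE(ErrorModule::Kernel, ErrCodes::InvalidSize);
 constexpr ResultCode ERR_INVALID_STATE(ErrorModule::Kernel, ErrCodes::InvalidState);
 constexpr ResultCode ERR_INVALID_THREAD_PRIORITY(ErrorModule::Kernel,
 ErrCodes::InvalidThreadPriority);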
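--- a/src/core/hle/kernel/svc.cpp
+++ b/src/core/hle/kernel/svc.cpp
@@ -39,6 +39,12 @@ namespace Kernel {
 /// Set the process heap to a given Size. It can both extend and shrink the heap.
 static ResultCode SetHeapSize(VAddr* heap_addr, u64 heap_size) {
 LOG_TRACE(Kernel_SVC, "called, heap_size=0x{:X}", heap_size);
+
+// Size must be a multiple of 0x200000 (2MB) and be equal to or less than 4GB.
+if ((heap_size & 0xFFFFFFFE001FFFFF) != 0) {
+return ERR_INVALID_SIZE;
+}
+
 auto& process = *Core::CurrentProcess();
 CASCADE_RESULT(*heap_addr,
 process.HeapAllocate(Memory::HEAP_VADDR, heap_size, VMAPermission::ReadWrite));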
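Review bot: The mask in the added check in SetHeapSize does not enforce the bound its comment states: `0xFFFFFFFE001FFFFF` leaves bit 32 clear, so every 2MB-aligned size up to 0x1FFE00000 (8GB minus 2MB) is accepted, not only sizes up to 4GB. heap_size is a guest-supplied SVC argument, so the accepted range should be exactly what the comment and commit message promise. If the mask is the intended behaviour, correct the comment to `// Size must be a multiple of 0x200000 (2MB) and less than 0x200000000 (8GB).`; if 4GB is the intended limit, the mask needs tightening. Spelling the test as `if (heap_size % 0x200000 != 0 || heap_size >= 0x200000000)` keeps the current behaviour and makes the bound readable. The function body continues past the end of the hunk, so whether HeapAllocate applies its own limit is not visible here.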