authorGravatar Liam2023-07-14 22:32:24 -0400
committerGravatar Liam2023-07-22 11:19:29 -0400
commit9f3f615e054663fd6e538fa2db86271b467a6bfd (patch)
tree1c826b4de5fc2b51cbade16a6fedb969df8b437d /src
parentmemory: minimize dependency on process (diff)
core: reduce TOCTTOU memory access
Diffstat (limited to 'src')
-rw-r--r--src/core/debugger/gdbstub.cpp9
-rw-r--r--src/core/hle/kernel/svc/svc_ipc.cpp11
-rw-r--r--src/core/hle/kernel/svc/svc_synchronization.cpp11
3 files changed, 11 insertions, 20 deletions
diff --git a/src/core/debugger/gdbstub.cpp b/src/core/debugger/gdbstub.cpp
index da6078372..0f839d5b4 100644
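--- a/src/core/debugger/gdbstub.cpp
+++ b/src/core/debugger/gdbstub.cpp
@@ -261,10 +261,8 @@ void GDBStub::ExecuteCommand(std::string_view packet, std::vector<DebuggerAction
 const size_t addr{static_cast<size_t>(strtoll(command.data(), nullptr, 16))};
 const size_t size{static_cast<size_t>(strtoll(command.data() + sep, nullptr, 16))};
 
-if (system.ApplicationMemory().IsValidVirtualAddressRange(addr, size)) {
-std::vector<u8> mem(size);
-system.ApplicationMemory().ReadBlock(addr, mem.data(), size);
-
+std::vector<u8> mem(size);
+if (system.ApplicationMemory().ReadBlock(addr, mem.data(), size)) {
 SendReply(Common::HexToString(mem));
 } else {
 SendReply(GDB_STUB_REPLY_ERR);
@@ -281,8 +279,7 @@ void GDBStub::ExecuteCommand(std::string_view packet, std::vector<DebuggerAction
 const auto mem_substr{std::string_view(command).substr(mem_sep)};
 const auto mem{Common::HexStringToVector(mem_substr, false)};
 
-if (system.ApplicationMemory().IsValidVirtualAddressRange(addr, size)) {
-system.ApplicationMemory().WriteBlock(addr, mem.data(), size);
+if (system.ApplicationMemory().WriteBlock(addr, mem.data(), size)) {
 system.InvalidateCpuInstructionCacheRange(addr, size);
 SendReply(GDB_STUB_REPLY_OK);
 } else {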
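Review bot: In the memory-read branch (first hunk) `std::vector<u8> mem(size)` is now constructed before anything has vetted `size`, which comes straight from `strtoll` on the debugger packet; before this change the range check ran first and gated the allocation. A very large or negative length from the client now turns into an allocation attempt of that size, and the resulting exception would surface before `ReadBlock` gets the chance to return false. I would bound `size` against the stub's maximum reply length ahead of the allocation and answer `GDB_STUB_REPLY_ERR` otherwise. In the write branch (second hunk) `size` appears to be parsed separately from the hex payload, so `WriteBlock(addr, mem.data(), size)` would read past the decoded buffer when the packet declares more bytes than it carries; `if (size <= mem.size() && system.ApplicationMemory().WriteBlock(addr, mem.data(), size)) {` closes that. ExecuteCommand starts and ends outside both hunks, so an earlier length check may exist that is not visible here.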
diff --git a/src/core/hle/kernel/svc/svc_ipc.cpp b/src/core/hle/kernel/svc/svc_ipc.cpp
index bb94f6934..373ae7c8d 100644
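--- a/src/core/hle/kernel/svc/svc_ipc.cpp
+++ b/src/core/hle/kernel/svc/svc_ipc.cpp
@@ -8,6 +8,7 @@
 #include "core/hle/kernel/k_process.h"
 #include "core/hle/kernel/k_server_session.h"
 #include "core/hle/kernel/svc.h"
+#include "core/hle/kernel/svc_results.h"
 
 namespace Kernel::Svc {
 
@@ -49,14 +50,10 @@ Result ReplyAndReceive(Core::System& system, s32* out_index, uint64_t handles_ad
 
 // Copy user handles.
 if (num_handles > 0) {
-// Ensure we can try to get the handles.
-R_UNLESS(GetCurrentMemory(kernel).IsValidVirtualAddressRange(
-handles_addr, static_cast<u64>(sizeof(Handle) * num_handles)),
-ResultInvalidPointer);
-
 // Get the handles.
-GetCurrentMemory(kernel).ReadBlock(handles_addr, handles.data(),
-sizeof(Handle) * num_handles);
+R_UNLESS(GetCurrentMemory(kernel).ReadBlock(handles_addr, handles.data(),
+sizeof(Handle) * num_handles),
+ResultInvalidPointer);
 
 // Convert the handles to objects.
 R_UNLESS(handle_table.GetMultipleObjects<KSynchronizationObject>(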
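Review bot: With the separate range probe gone, `ReadBlock`'s boolean result is the only thing that rejects a bad `handles_addr` in the second hunk, and the surviving comment `// Get the handles.` does not say so. I would reword it to `// Get the handles; a failed read is the only pointer validation, so do not re-read handles_addr after this.` so that a later edit does not reintroduce a second fetch from guest memory. The change also assumes that ReadBlock reports failure for a range that is only partly mapped, which this commit does not show. Whether `num_handles` is bounded against the capacity of `handles` is decided above the hunk, and ReplyAndReceive extends beyond it on both sides. The identical change to WaitSynchronization in svc_synchronization.cpp deserves the same comment.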
diff --git a/src/core/hle/kernel/svc/svc_synchronization.cpp b/src/core/hle/kernel/svc/svc_synchronization.cpp
index f02d03f30..366e8ed4a 100644
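--- a/src/core/hle/kernel/svc/svc_synchronization.cpp
+++ b/src/core/hle/kernel/svc/svc_synchronization.cpp
@@ -7,6 +7,7 @@
 #include "core/hle/kernel/k_process.h"
 #include "core/hle/kernel/k_readable_event.h"
 #include "core/hle/kernel/svc.h"
+#include "core/hle/kernel/svc_results.h"
 
 namespace Kernel::Svc {
 
@@ -64,14 +65,10 @@ Result WaitSynchronization(Core::System& system, int32_t* out_index, u64 user_ha
 
 // Copy user handles.
 if (num_handles > 0) {
-// Ensure we can try to get the handles.
-R_UNLESS(GetCurrentMemory(kernel).IsValidVirtualAddressRange(
-user_handles, static_cast<u64>(sizeof(Handle) * num_handles)),
-ResultInvalidPointer);
-
 // Get the handles.
-GetCurrentMemory(kernel).ReadBlock(user_handles, handles.data(),
-sizeof(Handle) * num_handles);
+R_UNLESS(GetCurrentMemory(kernel).ReadBlock(user_handles, handles.data(),
+sizeof(Handle) * num_handles),
+ResultInvalidPointer);
 
 // Convert the handles to objects.
 R_UNLESS(handle_table.GetMultipleObjects<KSynchronizationObject>(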