citra-emu
/
citra-canary
Archived
1
0
Fork 0

loader: check for overflow of seg_sizes[] in 3dsx loader (#6075)

This commit is contained in:
Diego Arias 2022-07-23 12:27:55 -04:00 committed by GitHub
parent 2b2868f156
commit 357025dfdf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions

View File

@ -111,6 +111,11 @@ static THREEDSX_Error Load3DSXFile(FileUtil::IOFile& file, u32 base_addr,
loadinfo.seg_sizes[0] = (hdr.code_seg_size + 0xFFF) & ~0xFFF;
loadinfo.seg_sizes[1] = (hdr.rodata_seg_size + 0xFFF) & ~0xFFF;
loadinfo.seg_sizes[2] = (hdr.data_seg_size + 0xFFF) & ~0xFFF;
// prevent integer overflow leading to heap-buffer-overflow
if (loadinfo.seg_sizes[0] < hdr.code_seg_size || loadinfo.seg_sizes[1] < hdr.rodata_seg_size ||
loadinfo.seg_sizes[2] < hdr.data_seg_size) {
return ERROR_READ;
}
u32 offsets[2] = {loadinfo.seg_sizes[0], loadinfo.seg_sizes[0] + loadinfo.seg_sizes[1]};
u32 n_reloc_tables = hdr.reloc_hdr_size / sizeof(u32);
std::vector<u8> program_image(loadinfo.seg_sizes[0] + loadinfo.seg_sizes[1] +