mirror of
https://github.com/citra-emu/citra-canary.git
synced 2024-12-23 08:45:38 +00:00
loader: check for overflow of seg_sizes[] in 3dsx loader (#6075)
This commit is contained in:
parent
2b2868f156
commit
357025dfdf
|
@ -111,6 +111,11 @@ static THREEDSX_Error Load3DSXFile(FileUtil::IOFile& file, u32 base_addr,
|
|||
loadinfo.seg_sizes[0] = (hdr.code_seg_size + 0xFFF) & ~0xFFF;
|
||||
loadinfo.seg_sizes[1] = (hdr.rodata_seg_size + 0xFFF) & ~0xFFF;
|
||||
loadinfo.seg_sizes[2] = (hdr.data_seg_size + 0xFFF) & ~0xFFF;
|
||||
// prevent integer overflow leading to heap-buffer-overflow
|
||||
if (loadinfo.seg_sizes[0] < hdr.code_seg_size || loadinfo.seg_sizes[1] < hdr.rodata_seg_size ||
|
||||
loadinfo.seg_sizes[2] < hdr.data_seg_size) {
|
||||
return ERROR_READ;
|
||||
}
|
||||
u32 offsets[2] = {loadinfo.seg_sizes[0], loadinfo.seg_sizes[0] + loadinfo.seg_sizes[1]};
|
||||
u32 n_reloc_tables = hdr.reloc_hdr_size / sizeof(u32);
|
||||
std::vector<u8> program_image(loadinfo.seg_sizes[0] + loadinfo.seg_sizes[1] +
|
||||
|
|
Loading…
Reference in a new issue