mirror of
https://github.com/citra-emu/citra-canary.git
synced 2025-01-11 04:45:31 +00:00
loader: check for overflow of seg_sizes[] in 3dsx loader (#6075)
This commit is contained in:
parent
2b2868f156
commit
357025dfdf
|
@ -111,6 +111,11 @@ static THREEDSX_Error Load3DSXFile(FileUtil::IOFile& file, u32 base_addr,
|
||||||
loadinfo.seg_sizes[0] = (hdr.code_seg_size + 0xFFF) & ~0xFFF;
|
loadinfo.seg_sizes[0] = (hdr.code_seg_size + 0xFFF) & ~0xFFF;
|
||||||
loadinfo.seg_sizes[1] = (hdr.rodata_seg_size + 0xFFF) & ~0xFFF;
|
loadinfo.seg_sizes[1] = (hdr.rodata_seg_size + 0xFFF) & ~0xFFF;
|
||||||
loadinfo.seg_sizes[2] = (hdr.data_seg_size + 0xFFF) & ~0xFFF;
|
loadinfo.seg_sizes[2] = (hdr.data_seg_size + 0xFFF) & ~0xFFF;
|
||||||
|
// prevent integer overflow leading to heap-buffer-overflow
|
||||||
|
if (loadinfo.seg_sizes[0] < hdr.code_seg_size || loadinfo.seg_sizes[1] < hdr.rodata_seg_size ||
|
||||||
|
loadinfo.seg_sizes[2] < hdr.data_seg_size) {
|
||||||
|
return ERROR_READ;
|
||||||
|
}
|
||||||
u32 offsets[2] = {loadinfo.seg_sizes[0], loadinfo.seg_sizes[0] + loadinfo.seg_sizes[1]};
|
u32 offsets[2] = {loadinfo.seg_sizes[0], loadinfo.seg_sizes[0] + loadinfo.seg_sizes[1]};
|
||||||
u32 n_reloc_tables = hdr.reloc_hdr_size / sizeof(u32);
|
u32 n_reloc_tables = hdr.reloc_hdr_size / sizeof(u32);
|
||||||
std::vector<u8> program_image(loadinfo.seg_sizes[0] + loadinfo.seg_sizes[1] +
|
std::vector<u8> program_image(loadinfo.seg_sizes[0] + loadinfo.seg_sizes[1] +
|
||||||
|
|
Loading…
Reference in a new issue