Skip to content
Snippets Groups Projects
Commit d1c99c5d authored by Liam's avatar Liam
Browse files

ips_layer: prevent out of bounds access with offset exceeding module size

parent 12178c69
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/core/file_sys/ips_layer.cpp
+ 7
0
View file @ d1c99c5d
...@@ -73,6 +73,9 @@ VirtualFile PatchIPS(const VirtualFile& in, const VirtualFile& ips) { ...@@ -73,6 +73,9 @@ VirtualFile PatchIPS(const VirtualFile& in, const VirtualFile& ips) {
return nullptr; return nullptr;
auto in_data = in->ReadAllBytes(); auto in_data = in->ReadAllBytes();
if (in_data.size() == 0) {
return nullptr;
}
std::vector<u8> temp(type == IPSFileType::IPS ? 3 : 4); std::vector<u8> temp(type == IPSFileType::IPS ? 3 : 4);
u64 offset = 5; // After header u64 offset = 5; // After header
...@@ -88,6 +91,10 @@ VirtualFile PatchIPS(const VirtualFile& in, const VirtualFile& ips) { ...@@ -88,6 +91,10 @@ VirtualFile PatchIPS(const VirtualFile& in, const VirtualFile& ips) {
else else
real_offset = (temp[0] << 16) | (temp[1] << 8) | temp[2]; real_offset = (temp[0] << 16) | (temp[1] << 8) | temp[2];
if (real_offset > in_data.size()) {
return nullptr;
}
u16 data_size{}; u16 data_size{};
if (ips->ReadObject(&data_size, offset) != sizeof(u16)) if (ips->ReadObject(&data_size, offset) != sizeof(u16))
return nullptr; return nullptr;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment