From 6f049c2ab8e822ff32363581ef204db68bffff92 Mon Sep 17 00:00:00 2001 From: zeromus Date: Thu, 17 Sep 2015 18:18:06 -0500 Subject: [PATCH] discsys/psx - dont crash when reading absurdly negative LBAs --- .../Consoles/Sony/PSX/Octoshock.cs | 12 ++++++++---- .../DiscSectorReader.cs | 16 +++++++++++++++- .../Internal/SectorSynth.cs | 2 ++ output/dll/octoshock.dll | Bin 924160 -> 924160 bytes psx/octoshock/psx/psx.cpp | 5 +++-- 5 files changed, 28 insertions(+), 7 deletions(-) diff --git a/BizHawk.Emulation.Cores/Consoles/Sony/PSX/Octoshock.cs b/BizHawk.Emulation.Cores/Consoles/Sony/PSX/Octoshock.cs index 64cdfca665..c8c738ac72 100644 --- a/BizHawk.Emulation.Cores/Consoles/Sony/PSX/Octoshock.cs +++ b/BizHawk.Emulation.Cores/Consoles/Sony/PSX/Octoshock.cs @@ -201,10 +201,14 @@ namespace BizHawk.Emulation.Cores.Sony.PSX //todo - cache reader DiscSystem.DiscSectorReader dsr = new DiscSystem.DiscSectorReader(Disc); - dsr.ReadLBA_2448(lba, SectorBuffer, 0); - Marshal.Copy(SectorBuffer, 0, new IntPtr(dst), 2448); - - return OctoshockDll.SHOCK_OK; + int readed = dsr.ReadLBA_2448(lba, SectorBuffer, 0); + if (readed == 2448) + { + Marshal.Copy(SectorBuffer, 0, new IntPtr(dst), 2448); + return OctoshockDll.SHOCK_OK; + } + else + return OctoshockDll.SHOCK_ERROR; } } diff --git a/BizHawk.Emulation.DiscSystem/DiscSectorReader.cs b/BizHawk.Emulation.DiscSystem/DiscSectorReader.cs index 5917fae582..71dd18298e 100644 --- a/BizHawk.Emulation.DiscSystem/DiscSectorReader.cs +++ b/BizHawk.Emulation.DiscSystem/DiscSectorReader.cs @@ -87,6 +87,8 @@ namespace BizHawk.Emulation.DiscSystem { var sector = disc.SynthProvider.Get(lba); + if (sector == null) return 0; + PrepareBuffer(buffer, offset, 2352); PrepareJob(lba); job.DestBuffer2448 = buf2442; 
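Review bot: The success test `readed == 2448` and the `Marshal.Copy` length in the Octoshock.cs hunk are separate literals that must both agree with what `ReadLBA_2448` returns, a value this same commit had to correct from 2442. A shared constant, e.g. `const int SectorSize2448 = 2448;`, used for the comparison and the copy would keep them in step. The `else` branch is unbraced while the `if` is braced, and `readed` would read better as `bytesRead`. The enclosing callback starts outside the hunk, so the size of the native buffer behind `dst` cannot be confirmed from here.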
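Review bot: Returning 0 when `disc.SynthProvider.Get(lba)` yields null leaves the caller's `buffer` untouched, so a caller that ignores the return value will go on to use stale bytes from an earlier read. Only the Octoshock callback is shown checking the result in this commit; other callers of these read methods are outside the diff and should be audited. The same `if (sector == null) return 0;` guard is added in the DiscSectorReader.cs hunks at -110, -130, -147, -167, -198 and -273. A comment on each method such as `// returns 0 and leaves buffer unmodified when lba is outside the disc` would make the contract explicit. The method bodies start and end outside these hunks.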
@@ -110,6 +112,8 @@ namespace BizHawk.Emulation.DiscSystem public int ReadLBA_2448(int lba, byte[] buffer, int offset) { var sector = disc.SynthProvider.Get(lba); + + if (sector == null) return 0; PrepareBuffer(buffer, offset, 2352); PrepareJob(lba); @@ -122,7 +126,7 @@ namespace BizHawk.Emulation.DiscSystem sector.Synth(job); //we went straight to the caller's buffer, so no need to copy - return 2442; + return 2448; } int ReadLBA_2048_Mode1(int lba, byte[] buffer, int offset) @@ -130,6 +134,8 @@ namespace BizHawk.Emulation.DiscSystem //we can read the 2048 bytes directly var sector = disc.SynthProvider.Get(lba); + if (sector == null) return 0; + PrepareBuffer(buffer, offset, 2048); PrepareJob(lba); job.DestBuffer2448 = buf2442; @@ -147,6 +153,8 @@ namespace BizHawk.Emulation.DiscSystem //we can read the 2048 bytes directly but we have to get them from the mode 2 data var sector = disc.SynthProvider.Get(lba); + if (sector == null) return 0; + PrepareBuffer(buffer, offset, 2048); PrepareJob(lba); job.DestBuffer2448 = buf2442; @@ -167,6 +175,8 @@ namespace BizHawk.Emulation.DiscSystem { var sector = disc.SynthProvider.Get(lba); + if (sector == null) return 0; + PrepareBuffer(buffer, offset, 12); PrepareJob(lba); job.DestBuffer2448 = buf2442; @@ -198,6 +208,8 @@ namespace BizHawk.Emulation.DiscSystem //in no case do we need the ECC so build special flags here var sector = disc.SynthProvider.Get(lba); + if (sector == null) return 0; + PrepareBuffer(buffer, offset, 2048); PrepareJob(lba); job.DestBuffer2448 = buf2442; @@ -273,6 +285,8 @@ namespace BizHawk.Emulation.DiscSystem { var sector = disc.SynthProvider.Get(lba); + if (sector == null) return 0; + PrepareJob(lba); job.DestBuffer2448 = buf2442; job.DestOffset = 0; diff --git a/BizHawk.Emulation.DiscSystem/Internal/SectorSynth.cs b/BizHawk.Emulation.DiscSystem/Internal/SectorSynth.cs index a16dee9813..07caf7d171 100644 --- a/BizHawk.Emulation.DiscSystem/Internal/SectorSynth.cs 
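Review bot: In `ReadLBA_2448` the context line `PrepareBuffer(buffer, offset, 2352);` still passes 2352 although the method now reports 2448 bytes written. The body of `PrepareBuffer` is not in this diff, but if it validates or clears the destination range, it covers 96 bytes fewer than the sector plus subchannel data. A buffer with only 2352 bytes free past `offset` would then pass the check. `PrepareBuffer(buffer, offset, 2448);` would match the new return value. The comment about going straight to the caller's buffer suggests the write is direct, which would leave that length as the only guard.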
+++ b/BizHawk.Emulation.DiscSystem/Internal/SectorSynth.cs @@ -133,6 +133,8 @@ namespace BizHawk.Emulation.DiscSystem public ISectorSynthJob2448 Get(int lba) { int index = lba - FirstLBA; + if (index < 0) return null; + if (index >= Sectors.Count) return null; return Sectors[index]; } } diff --git a/output/dll/octoshock.dll b/output/dll/octoshock.dll index 1786a3712b672697eb1ecb93f1b864907ccd56a2..e8a0a325dc222798ca5df30eab5a82b32776fbb0 100644 GIT binary patch delta 573 zcmZqJV$rb0VuJ)Dvy=Pp&C-lX#*93Z>r9#iUokN-Xdmxv%ZO!QXg$E+e`~U!>3!E< zj0_CTKN$I2Pckqtbhq^YC7VzG?`+EfGWg{kfI=WvZ!gQY|NpZX1H1iLm=6cMP}{}@ zG^5m>U!c|G|NsA!&CM(fdR?b^D@l}iK6W#Vt;n|#7dmOptbhPfP2b5kc9nCmlMot$8<&KNtn!#s-d z)8xnI^|F`Va4~fEG60>YeZI3T0Aw4O*Lsq_|NG>6i+IMy&G#*o85xBpGh2DGym$q4 z?!^$r$!D!3CU;uNv-BVY!Wa!Ft5~aS4zLd5_E%`#GF9P1;pGy%(I=>mDgO$8W?Axz=&V~#ubAD5O0~t%dn-K7sz5@fXVRy*&;yv z1t|9gAve7~pH~tT>Dy=L^U87vmhdFm$JnK~FFxNhu|sHoKg;%$<-E~6%#J`6>MgwI ZRd^|F;|{W%F+S{h@YJcUuh5kj}OUkeNUJ^S1
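Review bot: `Get` now returns null for an LBA outside the range starting at `FirstLBA` and spanning `Sectors.Count` entries, and nothing on the method documents that. Before this change an out-of-range index presumably failed at the `Sectors[index]` access instead. A doc comment such as `/// <returns>The sector synth for lba, or null when lba lies outside the range this provider covers.</returns>` would tell callers to check. The `DiscSectorReader` methods in this commit add that check, but any other caller of `Get` outside the diff would now fail later with a null dereference. The two guards could also be one line: `if (index < 0 || index >= Sectors.Count) return null;`.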

x;x&1$nJSkGn9Ic9$~F0nnXF*?RxD;Ry~v$xVXn`3cXEcgI%DeO3Fc9Zzb3yn zuV=h9Iom>-@&Dv@i+IM)&Ce~A85yM}b6a^bewe(`%4YIJD|yB#Kvor_`H&b9$NdrtT10DeK&Iqs7;x|pcG*!%$Oc2>XEZ}qdfegDMA8J~@Qks-p( z(ET*_5DUW@AZX@wZRd4m1Y#y2W(HywAZ7((HXvpPVh$kY1Y#~A<_2P(?YyqM=33Uk zxCjLXFat0S7#x6j%S2v=E#Gk=%lAy@kK0BXRmP2r} z&(esf+=uSdWXkq4_#R~v+J3T}H=2j}08oW`3-5Uqo-Wf3riV;VnSM6?ZMvOlCGWoi E0Jp2co&W#< diff --git a/psx/octoshock/psx/psx.cpp b/psx/octoshock/psx/psx.cpp index bbe63bba12..7a30774eb9 100644 --- a/psx/octoshock/psx/psx.cpp +++ b/psx/octoshock/psx/psx.cpp @@ -2415,11 +2415,12 @@ Breakout: bool ShockDiscRef::ReadLBA_PW(uint8* pwbuf96, int32 lba, bool hint_fullread) { //TODO - whats that hint mean - //TODO - should return false if out of range totally //reference: static const int32 LBA_Read_Minimum = -150; //reference: static const int32 LBA_Read_Maximum = 449849; // 100 * 75 * 60 - 150 - 1 u8 tmp[2448]; - ReadLBA2448(lba,tmp); + s32 ret = ReadLBA2448(lba,tmp); + if(ret != SHOCK_OK) + return false; memcpy(pwbuf96,tmp+2352,96); return true; }
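Review bot: On the new early `return false` path in `ShockDiscRef::ReadLBA_PW`, `pwbuf96` is never written, so a caller that ignores the result keeps whatever the buffer held before. Zeroing it first, with `memset(pwbuf96, 0, 96);` ahead of `return false;`, would give such callers a defined value. Whether any caller ignores the result cannot be seen from this hunk. The limits in the `//reference:` comments (-150 and 449849) are still not enforced here, so range validation rests entirely on the managed callback behind `ReadLBA2448`.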