IPC_HLE: Fix emulated BT crash (uninitialised memory)

When the emulated BT device is created, m_HCIEndpoint (which is a
CtrlBuffer)'s m_cmd_address is not initialised to 0. So it ends up
being a random value. This is normally not an issue… but the
emulated Bluetooth code relies on m_cmd_address to know whether the
HCI endpoint is still valid.

This is a problem with ES_Launch, because the bt_emu class is
destructed and re-constructed, and while m_cmd_address is still
uninitialised, the ES_Launch code disconnects all Wii remotes,
which triggers an HCI event and hence the bug.
Léo Lam 2016-11-18 22:06:42 +01:00
parent d3710d5cff
commit 165e3a9936
2 changed files with 13 additions and 13 deletions


@ -82,7 +82,7 @@ CWII_IPC_HLE_Device_usb_oh1_57e_305_base::CtrlBuffer::CtrlBuffer(const SIOCtlVBu
void CWII_IPC_HLE_Device_usb_oh1_57e_305_base::CtrlBuffer::FillBuffer(const u8* src, void CWII_IPC_HLE_Device_usb_oh1_57e_305_base::CtrlBuffer::FillBuffer(const u8* src,
const size_t size) const const size_t size) const
{ {
_dbg_assert_msg_(WII_IPC_WIIMOTE, size <= m_length, "FillBuffer: size %li > payload length %i", _assert_msg_(WII_IPC_WIIMOTE, size <= m_length, "FillBuffer: size %li > payload length %i", size,
size, m_length); m_length);
Memory::CopyToEmu(m_payload_addr, src, size); Memory::CopyToEmu(m_payload_addr, src, size);
} }
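Review bot: The assertion on line 25 is the only guard in FillBuffer — `Memory::CopyToEmu(m_payload_addr, src, size)` on line 27 still runs with the oversized `size` whenever the assert is compiled out or dismissed, so an over-long reply is copied past the payload region (whose length the message itself names as `m_length`) in guest memory. Bailing out after the assert, `if (size > m_length) return;`, or clamping the copy with `std::min<size_t>(size, m_length)`, keeps the write bounded regardless of build configuration. The format string also mismatches its argument: `%li` is for `long`, while `size` is a `size_t`, so `"size %zu > payload length %i"` is the portable form. FillBuffer never checks `IsValid()` either, which is worth stating in a comment (`// caller must check IsValid() first`) since the commit makes that flag the sole validity signal.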


@ -58,13 +58,13 @@ protected:
CtrlMessage() = default; CtrlMessage() = default;
CtrlMessage(const SIOCtlVBuffer& cmd_buffer); CtrlMessage(const SIOCtlVBuffer& cmd_buffer);
u8 request_type; u8 request_type = 0;
u8 request; u8 request = 0;
u16 value; u16 value = 0;
u16 index; u16 index = 0;
u16 length; u16 length = 0;
u32 payload_addr; u32 payload_addr = 0;
u32 address; u32 address = 0;
}; };
class CtrlBuffer class CtrlBuffer
@ -77,9 +77,9 @@ protected:
void SetRetVal(const u32 retval) const { Memory::Write_U32(retval, m_cmd_address + 4); } void SetRetVal(const u32 retval) const { Memory::Write_U32(retval, m_cmd_address + 4); }
bool IsValid() const { return m_cmd_address != 0; } bool IsValid() const { return m_cmd_address != 0; }
void Invalidate() { m_cmd_address = m_payload_addr = 0; } void Invalidate() { m_cmd_address = m_payload_addr = 0; }
u8 m_endpoint; u8 m_endpoint = 0;
u16 m_length; u16 m_length = 0;
u32 m_payload_addr; u32 m_payload_addr = 0;
u32 m_cmd_address; u32 m_cmd_address = 0;
}; };
}; };
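Review bot: `Invalidate()` on line 47 zeroes only `m_cmd_address` and `m_payload_addr`, yet `SetRetVal` on line 45 (and FillBuffer in the other file) never consults `IsValid()`, so a call on an invalidated buffer writes to guest address 4 (or 0) instead of being rejected; `void SetRetVal(const u32 retval) const { _dbg_assert_msg_(WII_IPC_WIIMOTE, IsValid(), "SetRetVal on invalid CtrlBuffer"); Memory::Write_U32(retval, m_cmd_address + 4); }` makes that precondition explicit, and resetting `m_endpoint` and `m_length` in `Invalidate()` too avoids stale values surviving a reuse. The new default member initialisers close the uninitialised-memory hole only for default-constructed objects — the `CtrlBuffer(const SIOCtlVBuffer&)` constructor, whose body lies between the two hunks, must still assign every field on every path, which is presumably the case but is not visible here. Separately, `CtrlMessage(const SIOCtlVBuffer& cmd_buffer)` on line 34 is a single-argument constructor without `explicit`, so a SIOCtlVBuffer converts silently; `explicit CtrlMessage(const SIOCtlVBuffer& cmd_buffer);` would prevent that. The CtrlBuffer class begins in the first hunk of this file and the outer class's header is outside both hunks.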