Correct bounds checking for /dev/sdio/slot0

The bounds checks in IOCtl were using 0x200 as the size of
m_Registers, which is more than the actual size, 0x200 / 4.

This commit turns m_Registers into an std::array to allow
for a correct and obvious way of getting its size.
This commit is contained in:
JosJuice 2016-11-12 12:34:47 +01:00
parent 3b78fec24e
commit 656999d4c2
2 changed files with 10 additions and 9 deletions

View File

@ -44,7 +44,7 @@ void CWII_IPC_HLE_Device_sdio_slot0::DoState(PointerWrap& p)
p.Do(m_Status); p.Do(m_Status);
p.Do(m_BlockLength); p.Do(m_BlockLength);
p.Do(m_BusWidth); p.Do(m_BusWidth);
p.Do(m_Registers); p.Do(m_registers);
} }
void CWII_IPC_HLE_Device_sdio_slot0::EventNotify() void CWII_IPC_HLE_Device_sdio_slot0::EventNotify()
@ -87,7 +87,7 @@ IPCCommandResult CWII_IPC_HLE_Device_sdio_slot0::Open(u32 _CommandAddress, u32 _
OpenInternal(); OpenInternal();
Memory::Write_U32(GetDeviceID(), _CommandAddress + 0x4); Memory::Write_U32(GetDeviceID(), _CommandAddress + 0x4);
memset(m_Registers, 0, sizeof(m_Registers)); m_registers.fill(0);
m_Active = true; m_Active = true;
return GetDefaultReply(); return GetDefaultReply();
} }
@ -130,7 +130,7 @@ IPCCommandResult CWII_IPC_HLE_Device_sdio_slot0::IOCtl(u32 _CommandAddress)
INFO_LOG(WII_IPC_SD, "IOCTL_WRITEHCR 0x%08x - 0x%08x", reg, val); INFO_LOG(WII_IPC_SD, "IOCTL_WRITEHCR 0x%08x - 0x%08x", reg, val);
if (reg >= 0x200) if (reg >= m_registers.size())
{ {
WARN_LOG(WII_IPC_SD, "IOCTL_WRITEHCR out of range"); WARN_LOG(WII_IPC_SD, "IOCTL_WRITEHCR out of range");
break; break;
@ -139,17 +139,17 @@ IPCCommandResult CWII_IPC_HLE_Device_sdio_slot0::IOCtl(u32 _CommandAddress)
if ((reg == HCR_CLOCKCONTROL) && (val & 1)) if ((reg == HCR_CLOCKCONTROL) && (val & 1))
{ {
// Clock is set to oscillate, enable bit 1 to say it's stable // Clock is set to oscillate, enable bit 1 to say it's stable
m_Registers[reg] = val | 2; m_registers[reg] = val | 2;
} }
else if ((reg == HCR_SOFTWARERESET) && val) else if ((reg == HCR_SOFTWARERESET) && val)
{ {
// When a reset is specified, the register gets cleared // When a reset is specified, the register gets cleared
m_Registers[reg] = 0; m_registers[reg] = 0;
} }
else else
{ {
// Default to just storing the new value // Default to just storing the new value
m_Registers[reg] = val; m_registers[reg] = val;
} }
} }
break; break;
@ -158,13 +158,13 @@ IPCCommandResult CWII_IPC_HLE_Device_sdio_slot0::IOCtl(u32 _CommandAddress)
{ {
u32 reg = Memory::Read_U32(BufferIn); u32 reg = Memory::Read_U32(BufferIn);
if (reg >= 0x200) if (reg >= m_registers.size())
{ {
WARN_LOG(WII_IPC_SD, "IOCTL_READHCR out of range"); WARN_LOG(WII_IPC_SD, "IOCTL_READHCR out of range");
break; break;
} }
u32 val = m_Registers[reg]; u32 val = m_registers[reg];
INFO_LOG(WII_IPC_SD, "IOCTL_READHCR 0x%08x - 0x%08x", reg, val); INFO_LOG(WII_IPC_SD, "IOCTL_READHCR 0x%08x - 0x%08x", reg, val);
// Just reading the register // Just reading the register

View File

@ -6,6 +6,7 @@
#pragma once #pragma once
#include <array>
#include <string> #include <string>
#include "Core/IPC_HLE/WII_IPC_HLE_Device.h" #include "Core/IPC_HLE/WII_IPC_HLE_Device.h"
@ -119,7 +120,7 @@ private:
u32 m_BlockLength; u32 m_BlockLength;
u32 m_BusWidth; u32 m_BusWidth;
u32 m_Registers[0x200 / 4]; std::array<u32, 0x200 / sizeof(u32)> m_registers;
File::IOFile m_Card; File::IOFile m_Card;