ShuriZma
/
dolphin
mirror of https://github.com/dolphin-emu/dolphin.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

BTReal: Fix unsafe reinterpret_casts 

Using reinterpret_cast like that is possibly UB.
Replace them with structs/memcpy calls where applicable.
This commit is contained in:
Léo Lam 2018-06-09 22:44:25 +02:00
parent de0fe0e210
commit 8bb08d1ca6
1 changed files with 37 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
Source/Core/Core/IOS/USB/Bluetooth/BTReal.cpp
View File

@ -356,15 +356,17 @@ void BluetoothReal::TriggerSyncButtonHeldEvent()
void BluetoothReal::WaitForHCICommandComplete(const u16 opcode) void BluetoothReal::WaitForHCICommandComplete(const u16 opcode)
{ {
int actual_length; int actual_length;
std::vector<u8> buffer(1024); SHCIEventCommand packet;
// Only try 100 transfers at most, to avoid being stuck in an infinite loop // Only try 100 transfers at most, to avoid being stuck in an infinite loop
for (int tries = 0; tries < 100; ++tries) for (int tries = 0; tries < 100; ++tries)
{ {
if (libusb_interrupt_transfer(m_handle, HCI_EVENT, buffer.data(), const int ret = libusb_interrupt_transfer(m_handle, HCI_EVENT, reinterpret_cast<u8*>(&packet),
static_cast<int>(buffer.size()), &actual_length, 20) == 0 && sizeof(packet), &actual_length, 20);
reinterpret_cast<hci_event_hdr_t*>(buffer.data())->event == HCI_EVENT_COMMAND_COMPL && if (ret == 0 && actual_length == sizeof(packet) &&
reinterpret_cast<SHCIEventCommand*>(buffer.data())->Opcode == opcode) packet.EventType == HCI_EVENT_COMMAND_COMPL && packet.Opcode == opcode)
{
break; break;
}
} }
} }
@ -381,18 +383,19 @@ void BluetoothReal::SendHCIResetCommand()
void BluetoothReal::SendHCIDeleteLinkKeyCommand() void BluetoothReal::SendHCIDeleteLinkKeyCommand()
{ {
const u8 type = LIBUSB_ENDPOINT_OUT | LIBUSB_REQUEST_TYPE_CLASS | LIBUSB_RECIPIENT_INTERFACE; const u8 type = LIBUSB_ENDPOINT_OUT | LIBUSB_REQUEST_TYPE_CLASS | LIBUSB_RECIPIENT_INTERFACE;
std::vector<u8> packet(sizeof(hci_cmd_hdr_t) + sizeof(hci_delete_stored_link_key_cp)); struct Payload
{
hci_cmd_hdr_t header;
hci_delete_stored_link_key_cp command;
};
Payload payload;
payload.header.opcode = HCI_CMD_DELETE_STORED_LINK_KEY;
payload.header.length = sizeof(payload.command);
payload.command.bdaddr = {};
payload.command.delete_all = true;
auto* header = reinterpret_cast<hci_cmd_hdr_t*>(packet.data()); libusb_control_transfer(m_handle, type, 0, 0, 0, reinterpret_cast<u8*>(&payload),
header->opcode = HCI_CMD_DELETE_STORED_LINK_KEY; static_cast<u16>(sizeof(payload)), TIMEOUT);
header->length = sizeof(hci_delete_stored_link_key_cp);
auto* cmd =
reinterpret_cast<hci_delete_stored_link_key_cp*>(packet.data() + sizeof(hci_cmd_hdr_t));
cmd->bdaddr = {};
cmd->delete_all = true;
libusb_control_transfer(m_handle, type, 0, 0, 0, packet.data(), static_cast<u16>(packet.size()),
TIMEOUT);
} }
bool BluetoothReal::SendHCIStoreLinkKeyCommand() bool BluetoothReal::SendHCIStoreLinkKeyCommand()
@ -407,13 +410,14 @@ bool BluetoothReal::SendHCIStoreLinkKeyCommand()
(sizeof(bdaddr_t) + sizeof(linkkey_t)) * static_cast<u8>(m_link_keys.size()); (sizeof(bdaddr_t) + sizeof(linkkey_t)) * static_cast<u8>(m_link_keys.size());
std::vector<u8> packet(sizeof(hci_cmd_hdr_t) + payload_size); std::vector<u8> packet(sizeof(hci_cmd_hdr_t) + payload_size);
auto* header = reinterpret_cast<hci_cmd_hdr_t*>(packet.data()); hci_cmd_hdr_t header{};
header->opcode = HCI_CMD_WRITE_STORED_LINK_KEY; header.opcode = HCI_CMD_WRITE_STORED_LINK_KEY;
header->length = payload_size; header.length = payload_size;
std::memcpy(packet.data(), &header, sizeof(header));
auto* cmd = hci_write_stored_link_key_cp command{};
reinterpret_cast<hci_write_stored_link_key_cp*>(packet.data() + sizeof(hci_cmd_hdr_t)); command.num_keys_write = static_cast<u8>(m_link_keys.size());
cmd->num_keys_write = static_cast<u8>(m_link_keys.size()); std::memcpy(packet.data() + sizeof(hci_cmd_hdr_t), &command, sizeof(command));
// This is really ugly, but necessary because of the HCI command structure: // This is really ugly, but necessary because of the HCI command structure:
// u8 num_keys; // u8 num_keys;
@ -660,21 +664,21 @@ void BluetoothReal::HandleBulkOrIntrTransfer(libusb_transfer* tr)
if (tr->status == LIBUSB_TRANSFER_COMPLETED && tr->endpoint == HCI_EVENT) if (tr->status == LIBUSB_TRANSFER_COMPLETED && tr->endpoint == HCI_EVENT)
{ {
const auto* event = reinterpret_cast<hci_event_hdr_t*>(tr->buffer); const u8 event = tr->buffer[0];
if (event->event == HCI_EVENT_LINK_KEY_NOTIFICATION) if (event == HCI_EVENT_LINK_KEY_NOTIFICATION)
{ {
const auto* notification = hci_link_key_notification_ep notification;
reinterpret_cast<hci_link_key_notification_ep*>(tr->buffer + sizeof(hci_event_hdr_t)); std::memcpy(&notification, tr->buffer + sizeof(hci_event_hdr_t), sizeof(notification));
linkkey_t key; linkkey_t key;
std::copy(std::begin(notification->key), std::end(notification->key), std::begin(key)); std::copy(std::begin(notification.key), std::end(notification.key), std::begin(key));
m_link_keys[notification->bdaddr] = key; m_link_keys[notification.bdaddr] = key;
} }
else if (event->event == HCI_EVENT_COMMAND_COMPL && else if (event == HCI_EVENT_COMMAND_COMPL)
reinterpret_cast<hci_command_compl_ep*>(tr->buffer + sizeof(*event))->opcode ==
HCI_CMD_RESET)
{ {
m_need_reset_keys.Set(); hci_command_compl_ep complete_event;
std::memcpy(&complete_event, tr->buffer + sizeof(hci_event_hdr_t), sizeof(complete_event));
if (complete_event.opcode == HCI_CMD_RESET)
m_need_reset_keys.Set();
} }
} }