From dd35a968f8970c30cdfe3d6d2a96920a736d42ec Mon Sep 17 00:00:00 2001
From: Lioncash
Date: Sat, 24 May 2014 18:21:17 -0400
Subject: [PATCH] Fix a struct overflow case in WII_IPC_HLE_Device_hid.cpp

WiiHIDDeviceDescriptor is 20 bytes in size (2 of which are padding bytes) libusb_device_descriptor on the other hand is 18 bytes (does not have the 2 padding bytes). So we were pulling 20 bytes out of an 18 byte struct, which isn't really correct.
---
 .../Core/IPC_HLE/WII_IPC_HLE_Device_hid.cpp | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_hid.cpp b/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_hid.cpp
index b33c989718..6c7f04aec6 100644
--- a/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_hid.cpp
+++ b/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_hid.cpp
@@ -329,11 +329,20 @@ bool CWII_IPC_HLE_Device_hid::IOCtlV(u32 _CommandAddress)
 void CWII_IPC_HLE_Device_hid::ConvertDeviceToWii(WiiHIDDeviceDescriptor *dest, const struct libusb_device_descriptor *src)
 {
- memcpy(dest,src,sizeof(WiiHIDDeviceDescriptor));
- dest->bcdUSB = Common::swap16(dest->bcdUSB);
- dest->idVendor = Common::swap16(dest->idVendor);
- dest->idProduct = Common::swap16(dest->idProduct);
- dest->bcdDevice = Common::swap16(dest->bcdDevice);
+ dest->bLength = src->bLength;
+ dest->bDescriptorType = src->bDescriptorType;
+ dest->bcdUSB = Common::swap16(src->bcdUSB);
+ dest->bDeviceClass = src->bDeviceClass;
+ dest->bDeviceSubClass = src->bDeviceSubClass;
+ dest->bDeviceProtocol = src->bDeviceProtocol;
+ dest->bMaxPacketSize0 = src->bMaxPacketSize0;
+ dest->idVendor = Common::swap16(src->idVendor);
+ dest->idProduct = Common::swap16(src->idProduct);
+ dest->bcdDevice = Common::swap16(src->bcdDevice);
+ dest->iManufacturer = src->iManufacturer;
+ dest->iProduct = src->iProduct;
+ dest->iSerialNumber = src->iSerialNumber;
+ dest->bNumConfigurations = src->bNumConfigurations;
 }
 void CWII_IPC_HLE_Device_hid::ConvertConfigToWii(WiiHIDConfigDescriptor *dest, const struct libusb_config_descriptor *src)
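Review bot: The two padding bytes of `WiiHIDDeviceDescriptor` are no longer written anywhere in `ConvertDeviceToWii`. The old `memcpy` filled all 20 bytes by over-reading `src`, whereas the field-by-field copy leaves the padding at whatever `dest` held on entry. The callers are outside this hunk, but if one passes an uninitialised local and later copies the whole struct into emulated memory, those bytes would expose stale host memory to the guest. Making `memset(dest, 0, sizeof(*dest));` the first statement would keep the output deterministic. A one-line comment such as `// Copy per field: libusb_device_descriptor is 18 bytes, the Wii struct is 20 (2 padding)` would also discourage someone from restoring the `memcpy` later.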