From 7d53916466176663df7a122e664441fbcd18c080 Mon Sep 17 00:00:00 2001
From: "Admiral H. Curtiss" 
Date: Sat, 9 Dec 2023 15:42:15 +0100
Subject: [PATCH 1/3] HW/CEXIIPL: Respect bounds in LoadFileToIPL().

---
 Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp b/Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp
index dddcee0077..197c0735d6 100644
--- a/Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp
+++ b/Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp
@@ -159,13 +159,18 @@ void CEXIIPL::DoState(PointerWrap& p)
 
 bool CEXIIPL::LoadFileToIPL(const std::string& filename, u32 offset)
 {
+ if (offset >= ROM_SIZE)
+ return false;
+
 File::IOFile stream(filename, "rb");
 if (!stream)
 return false;
 
- u64 filesize = stream.GetSize();
+ const u64 filesize = stream.GetSize();
+ if (offset >= filesize)
+ return false;
 
- if (!stream.ReadBytes(&m_rom[offset], filesize))
+ if (!stream.ReadBytes(&m_rom[offset], std::min(filesize, ROM_SIZE) - offset))
 return false;
 
 m_fonts_loaded = true;

From 57e166dbef1508ae69b858e1c051406074e9310b Mon Sep 17 00:00:00 2001
From: "Admiral H. Curtiss" 
Date: Sat, 9 Dec 2023 15:43:03 +0100
Subject: [PATCH 2/3] HW/CEXIIPL: Consider that the loaded file may not actually contain a nullterminated string.

---
 Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp b/Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp
index 197c0735d6..83700fa0d7 100644
--- a/Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp
+++ b/Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp
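Review bot: The read length `std::min(filesize, ROM_SIZE) - offset` on the new ReadBytes line caps the copy at a ROM-layout position rather than at the space left after `offset`, even though the bytes are read from file position 0 into `&m_rom[offset]`; it can no longer overrun `m_rom`, but for a non-zero `offset` it silently drops the last `offset` bytes of a file that would have fit, and the added `offset >= filesize` guard rejects any file shorter than `offset`. If `offset` means "place this file at this ROM offset", the bound should be `std::min<u64>(filesize, ROM_SIZE - offset)` and the second guard is unnecessary; if `filename` is instead a full ROM image of which only the tail from `offset` is wanted, a `stream.Seek(offset, File::SeekOrigin::Begin)` before the read is missing. Either way a one-line comment above the guards stating which layout the file is expected to have would make the bound checkable by the next reader. LoadFileToIPL's body continues past the end of the hunk.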
@@ -111,8 +111,9 @@ CEXIIPL::CEXIIPL(Core::System& system) : IEXIDevice(system)
 {
 // Descramble the encrypted section (contains BS1 and BS2)
 Descrambler(&m_rom[0x100], 0x1afe00);
- // yay for null-terminated strings
- const std::string_view name{reinterpret_cast(m_rom.get())};
+
+ const std::string_view name{reinterpret_cast(m_rom.get()),
+ strnlen(reinterpret_cast(m_rom.get()), 0x100)};
 INFO_LOG_FMT(BOOT, "Loaded bootrom: {}", name);
 }
 else

From 8194b53166f8bd2852b9d183b4f549a0ed292f5e Mon Sep 17 00:00:00 2001
From: "Admiral H. Curtiss" 
Date: Sat, 9 Dec 2023 15:45:29 +0100
Subject: [PATCH 3/3] HW/CEXIIPL: Check for errors when reading font.

---
 Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp b/Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp
index 83700fa0d7..9209cccbf4 100644
--- a/Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp
+++ b/Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp
@@ -240,8 +240,11 @@ void CEXIIPL::LoadFontFile(const std::string& filename, u32 offset)
 INFO_LOG_FMT(BOOT, "Found IPL dump, loading {} font from {}",
 (offset == 0x1aff00) ? "Shift JIS" : "Windows-1252", ipl_rom_path);
 
- stream.Seek(offset, File::SeekOrigin::Begin);
- stream.ReadBytes(&m_rom[offset], fontsize);
+ if (!stream.Seek(offset, File::SeekOrigin::Begin) || !stream.ReadBytes(&m_rom[offset], fontsize))
+ {
+ WARN_LOG_FMT(BOOT, "Failed to read font from IPL dump.");
+ return;
+ }
 
 m_fonts_loaded = true;
 }
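Review bot: The `0x100` bound passed to `strnlen` on the new `name` line is an unexplained literal that happens to match the `&m_rom[0x100]` start of the descrambled region two lines up, and nothing records why the name cannot extend past it; add `// Bootrom name lives in the header before the scrambled region at 0x100 and is not guaranteed to be NUL-terminated` above the declaration, or reuse one named constant for both places. The bytes in that window come straight from a user-supplied dump and are logged verbatim, so non-printable or control characters would reach the log unfiltered — worth a note if this log line is ever surfaced in a UI. The `reinterpret_cast` template argument (a char pointer type) appears to have been lost in this rendering of the hunk. Whether `<cstring>` is included for `strnlen` is not visible here, so check it is pulled in elsewhere in the file.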
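Review bot: The early `return` on failure leaves the `m_rom` region at `offset` possibly half-overwritten by a short `ReadBytes` and never falls back to the bundled font passed in as `filename`, so a truncated or unreadable IPL dump now yields no font at all where the free font would otherwise have been loaded; if the fallback path lives earlier in LoadFontFile (the function starts outside this hunk), consider routing this failure to it instead of returning. The new check also still trusts `offset` and `fontsize` to fit inside `m_rom`; if they are not validated before this point, a guard like `if (offset >= ROM_SIZE || fontsize > ROM_SIZE - offset) return;` belongs ahead of the read. The warning could name the file it failed on, e.g. `WARN_LOG_FMT(BOOT, "Failed to read font from IPL dump {}.", ipl_rom_path);`, since `ipl_rom_path` is already in scope on the INFO_LOG_FMT line.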