IOS/ES: Fix crash when deleting tickets

This broke formatting the system memory; see https://bugs.dolphin-emu.org/issues/13176. After calling ticket.DeleteTicket(), ticket.m_bytes was 0-length, but calling ticket.IsV1Ticket() still attempted to read from m_bytes.

This was introduced in 2fd9852ca8, although it didn't actually cause a crash until 929fba08e7.
This commit is contained in:
Pokechu22 2023-02-20 18:31:30 -08:00
parent 45b55f7ccd
commit f2ac3aec94
1 changed files with 6 additions and 2 deletions

View File

@ -580,15 +580,19 @@ ReturnCode ESDevice::DeleteTicket(const u8* ticket_view)
if (!ticket.IsValid()) if (!ticket.IsValid())
return FS_ENOENT; return FS_ENOENT;
const bool was_v1_ticket = ticket.IsV1Ticket();
const std::string ticket_path =
was_v1_ticket ? Common::GetV1TicketFileName(title_id) : Common::GetTicketFileName(title_id);
const u64 ticket_id = Common::swap64(ticket_view + offsetof(ES::TicketView, ticket_id)); const u64 ticket_id = Common::swap64(ticket_view + offsetof(ES::TicketView, ticket_id));
ticket.DeleteTicket(ticket_id); ticket.DeleteTicket(ticket_id);
const std::vector<u8>& new_ticket = ticket.GetBytes(); const std::vector<u8>& new_ticket = ticket.GetBytes();
const std::string ticket_path = ticket.IsV1Ticket() ? Common::GetV1TicketFileName(title_id) :
Common::GetTicketFileName(title_id);
if (!new_ticket.empty()) if (!new_ticket.empty())
{ {
ASSERT(ticket.IsValid());
ASSERT(ticket.IsV1Ticket() == was_v1_ticket);
const auto file = fs->OpenFile(PID_KERNEL, PID_KERNEL, ticket_path, FS::Mode::ReadWrite); const auto file = fs->OpenFile(PID_KERNEL, PID_KERNEL, ticket_path, FS::Mode::ReadWrite);
if (!file || !file->Write(new_ticket.data(), new_ticket.size())) if (!file || !file->Write(new_ticket.data(), new_ticket.size()))
return ES_EIO; return ES_EIO;