dolphin/Source/Core/VideoBackends/Software
Pokechu22 a3951dc2d7 Fix out of bounds accesses for invalid vertex component formats
On all platforms, this would result in out of bounds accesses when getting the component sizes (which uses stuff from VertexLoader_Position.h/VertexLoader_TextCoord.h/VertexLoader_Normal.h). On platforms other than x64 and ARM64, this would also be out of bounds accesses when getting function pointers for the non-JIT vertex loader (in VertexLoader_Position.cpp etc.). Usually both of these would get data from other entries in the same multi-dimensional array, but the last few entries would be truly out of bounds. This does mean that an out of bounds function pointer can be called on platforms that don't have a JIT vertex loader, but it is limited to invalid component formats with values 5/6/7 due to the size of the bitfield the formats come from, so it seems unlikely that this could be exploited in practice.

This issue affects a few games; Def Jam: Fight for New York (https://bugs.dolphin-emu.org/issues/12719) and Fifa Street are known to be affected.

I have not done any hardware testing for this PR specifically, though I *think* I previously determined that at least a value of 5 behaves the same as float (4). That's what I implemented in any case. I did previously determine that both Def Jam: Fight for New York and Fifa Street use an invalid normal format, but don't actually have lighting enabled when that normal vector is used, so it doesn't change rendering in practice.

The color component format also has two invalid values, but VertexLoader_Color.h/.cpp do check for those invalid ones and return a default value instead of doing an out of bounds access.
2024-04-04 12:50:34 -07:00
CMakeLists.txt Implement AbstractGfx for Software & Null 2023-01-31 19:41:23 +13:00
Clipper.cpp VideoCommon/Statistics: Require semicolons after statistics macros 2022-10-29 15:39:41 -07:00
Clipper.h Software: Fix zfreeze with CullMode::All 2022-04-08 20:05:32 -07:00
CopyRegion.h Software: Fix out of bounds accesses in CopyRegion 2021-03-06 21:58:28 -08:00
EfbCopy.cpp Fix out of bound write in EfbCopy::ClearEfb 2023-12-09 02:15:42 +01:00
EfbCopy.h treewide: convert GPLv2+ license info to SPDX tags 2021-07-05 04:35:56 +02:00
EfbInterface.cpp Software: Use hardware-verified numbers for RGB->YUV conversion 2022-07-16 00:07:10 -07:00
EfbInterface.h treewide: convert GPLv2+ license info to SPDX tags 2021-07-05 04:35:56 +02:00
NativeVertexFormat.h treewide: convert GPLv2+ license info to SPDX tags 2021-07-05 04:35:56 +02:00
Rasterizer.cpp SW/Rasterizer: Use RAS1_IREF::getTexCoord and getTexMap 2022-08-29 11:10:05 -07:00
Rasterizer.h SW/Tev: Replace Tev::SetRegColor with Tev::SetKonstColors 2022-08-29 11:10:05 -07:00
SWBoundingBox.cpp VideoCommon: Use std::span for BoundingBox::Write() 2023-12-09 16:33:21 -05:00
SWBoundingBox.h VideoCommon: Use std::span for BoundingBox::Write() 2023-12-09 16:33:21 -05:00
SWGfx.cpp Software/SWGfx: Default destructor in cpp file 2023-12-12 20:33:43 -05:00
SWGfx.h Software/SWGfx: Default destructor in cpp file 2023-12-12 20:33:43 -05:00
SWOGLWindow.cpp Software: Fix mipmaps and uneven strides in SWTexture 2022-09-26 19:43:57 -07:00
SWOGLWindow.h treewide: convert GPLv2+ license info to SPDX tags 2021-07-05 04:35:56 +02:00
SWRenderer.cpp Move ConfigChanged out of RenderBase 2023-01-31 19:41:24 +13:00
SWRenderer.h Implement AbstractGfx for Software & Null 2023-01-31 19:41:23 +13:00
SWTexture.cpp VideoBackends: add support to allow rendering to multiple output textures 2023-06-03 14:52:31 -05:00
SWTexture.h VideoBackends: add support to allow rendering to multiple output textures 2023-06-03 14:52:31 -05:00
SWVertexLoader.cpp Fix out of bounds accesses for invalid vertex component formats 2024-04-04 12:50:34 -07:00
SWVertexLoader.h Software: Fix zfreeze with CullMode::All 2022-04-08 20:05:32 -07:00
SWmain.cpp VideoCommon: Pass WindowSystemInfo to InitBackendInfo 2023-06-08 22:07:39 -07:00
SetupUnit.cpp Convert OpcodeDecoder::Opcode and OpcodeDecoder::Primitive to enum class 2021-12-18 12:51:56 -08:00
SetupUnit.h Convert OpcodeDecoder::Opcode and OpcodeDecoder::Primitive to enum class 2021-12-18 12:51:56 -08:00
Tev.cpp Merge pull request #11389 from Pokechu22/sw-no-alpha-1-hack 2022-12-29 13:08:04 -05:00
Tev.h Fix uninitialized variable warnings (C26495) 2023-02-15 19:18:39 -08:00
TextureCache.h TextureCache: Refactor with smart pointers 2023-01-31 18:29:47 +13:00
TextureEncoder.cpp Rename bpmem.copyMipMapStrideChannels to bpmem.copyDestStride 2023-11-11 23:32:14 -08:00
TextureEncoder.h treewide: convert GPLv2+ license info to SPDX tags 2021-07-05 04:35:56 +02:00
TextureSampler.cpp HW/Memmap: Refactor Memory to class, move to Core::System. 2022-12-03 13:27:02 +01:00
TextureSampler.h treewide: convert GPLv2+ license info to SPDX tags 2021-07-05 04:35:56 +02:00
TransformUnit.cpp VideoCommon: Add comment explaining why only the first normal gets normalized 2022-04-22 16:54:38 -07:00
TransformUnit.h VideoCommon: Handle emboss texgen with only a single normal 2022-04-22 16:54:38 -07:00
Vec3.h Fix all uninitialized variable warnings (C26495) 2021-10-13 12:32:16 -07:00
VideoBackend.h VideoCommon: Pass WindowSystemInfo to InitBackendInfo 2023-06-08 22:07:39 -07:00