From 8e5b84b0972446ab856bd9a399d82bdf3a6778eb Mon Sep 17 00:00:00 2001
From: Abel Briggs
Date: Mon, 29 Apr 2024 20:36:57 -0700
Subject: [PATCH] DEV9: Fix MacOS crash upon receiving an ICMP reply

Apple (old BSD)'s raw IP sockets implementation converts the `ip_len` field to host byte order, but also subtracts the IP header length as well. This caused us to effectively subtract the header length twice and allocate the return ping in `ICMP_Session::Recv() with a negative size, crashing PCSX2.
---
 pcsx2/DEV9/Sessions/ICMP_Session/ICMP_Session.cpp | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/pcsx2/DEV9/Sessions/ICMP_Session/ICMP_Session.cpp b/pcsx2/DEV9/Sessions/ICMP_Session/ICMP_Session.cpp
index 04748d410e..29c3463c05 100644
--- a/pcsx2/DEV9/Sessions/ICMP_Session/ICMP_Session.cpp
+++ b/pcsx2/DEV9/Sessions/ICMP_Session/ICMP_Session.cpp
@@ -430,13 +430,10 @@ namespace Sessions
 offset = headerLength;
 #ifdef __APPLE__
+//Apple (old BSD)'s raw IP sockets implementation converts the ip_len field to host byte order
+//and additionally subtracts the header length.
 //https://www.unix.com/man-page/mojave/4/ip/
-//"Note that the ip_off and ip_len fields are in host byte order." //Any other bugs? FreeBSD notes the following //Before FreeBSD 11.0 packets received on raw IP sockets had the ip_len and ip_off fields converted to host byte order. //Before FreeBSD 10.0 packets received on raw IP sockets had the ip_hl sub-tracted from the ip_len field. //TODO, test
-length = ipHeader->ip_len - headerLength;
+length = ipHeader->ip_len;
 #else
 length = ntohs(ipHeader->ip_len) - headerLength;
 #endif
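Review bot: The corrected `length = ipHeader->ip_len;` still takes its value from the received datagram's IP header, and nothing in the hunk bounds it by the number of bytes the socket actually returned; since the commit message says `length` feeds the allocation of the reply, a truncated or malformed datagram would still let the copy run past the received buffer on either branch of the `#ifdef`. A guard between this assignment and the allocation such as `if (length < 0 || offset + length > bytesReceived) return; // drop malformed datagram` (with `bytesReceived` being the recv return value) would close that independently of the platform quirk. The enclosing `ICMP_Session::Recv()` starts and ends outside the hunk, so such a check may already exist further down; if it does, a one-line comment here pointing to it would save the next reader the same question. The new comment could also state explicitly that macOS matches the pre-FreeBSD-10.0 behaviour the removed lines described, since that is the reason `headerLength` is no longer subtracted.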