From 8b2de15096733da7abd2b0bde360458410962bae Mon Sep 17 00:00:00 2001 From: Gregory Hainaut Date: Thu, 10 Sep 2015 13:40:45 +0200 Subject: [PATCH 01/20] build: add an option to build a coverity DB --- build.sh | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/build.sh b/build.sh index 38756f0156..10345d8840 100755 --- a/build.sh +++ b/build.sh @@ -22,6 +22,7 @@ cleanBuild=0 useClang=0 # 0 => no, 1 => yes, 2 => force yes useCross=2 +CoverityBuild=0 for ARG in "$@"; do case "$ARG" in @@ -41,6 +42,7 @@ for ARG in "$@"; do --no-simd ) flags+=(-DDISABLE_ADVANCE_SIMD=TRUE) ;; --cross-multilib ) flags+=(-DCMAKE_TOOLCHAIN_FILE=cmake/linux-compiler-i386-multilib.cmake); useCross=1; ;; --no-cross-multilib ) useCross=0; ;; + --coverity ) CoverityBuild=1; cleanBuild=1; ;; -D* ) flags+=($ARG) ;; *) @@ -66,6 +68,7 @@ for ARG in "$@"; do echo "--no-cross-multilib: Build a native PCSX2" echo "--clang : Build with Clang/llvm" echo "--asan : Enable Address sanitizer" + echo "--coverity : Do a build for coverity (require the tool)" exit 1 esac @@ -74,6 +77,8 @@ done root=$PWD/$(dirname "$0") log=$root/install_log.txt build=$root/build +coverity_dir=cov-int +coverity_result=pcsx2-coverity.xz if [[ "$cleanBuild" -eq 1 ]]; then echo "Doing a clean build." @@ -116,7 +121,13 @@ else ncpu=$(grep -w -c processor /proc/cpuinfo) fi -make -j"$ncpu" 2>&1 | tee -a $log -make install 2>&1 | tee -a $log +if [[ "$CoverityBuild" -eq 1 ]]; then + cov-build --dir $coverity_dir make -j"$ncpu" 2>&1 | tee -a $log + # Warning: $coverity_dir must be the root directory + (cd $build; tar caf $coverity_result $coverity_dir) +else + make -j"$ncpu" 2>&1 | tee -a $log + make install 2>&1 | tee -a $log +fi exit 0 From 5c933a7faf7714b01ec5cd9e60c1da2f6ebe5c1f Mon Sep 17 00:00:00 2001 
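Review bot: The exit status of `cov-build` on the new line is masked by the pipe into `tee`, so a failed instrumented build is still packed into `$coverity_result` and the script ends with `exit 0`. Checking the first pipeline member afterwards, `[[ ${PIPESTATUS[0]} -eq 0 ]] || exit 1`, would stop before the tar step; the existing make lines have the same masking, so this is a pre-existing pattern rather than a regression. The comment above the tar is ambiguous — assuming "root directory" means the archive layout, I would reword it to `# Coverity expects cov-int at the top level of the archive, hence the cd into $build`. The help text would read better as `(requires the tool)`.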
From: Gregory Hainaut Date: Thu, 10 Sep 2015 13:41:22 +0200 Subject: [PATCH 02/20] pcsx2:gzip: free the index Normally index will be NULL if len is 0 but it won't hurt --- pcsx2/CDVD/GzippedFileReader.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/pcsx2/CDVD/GzippedFileReader.cpp b/pcsx2/CDVD/GzippedFileReader.cpp index 4f0ccc1354..77aed657cf 100644 --- a/pcsx2/CDVD/GzippedFileReader.cpp +++ b/pcsx2/CDVD/GzippedFileReader.cpp @@ -316,6 +316,7 @@ bool GzippedFileReader::OkIndex() { WriteIndexToFile((Access*)m_pIndex, indexfile); } else { Console.Error(L"ERROR (%d): index could not be generated for file '%s'", len, WX_STR(m_filename)); + free_index(index); InitZstates(); return false; } From 5e8f899620912c036f7e784dd2f36792f67a290e Mon Sep 17 00:00:00 2001 From: Gregory Hainaut Date: Thu, 10 Sep 2015 13:42:23 +0200 Subject: [PATCH 03/20] pcsx2:debug: miss a break that lead to a mem leak --- pcsx2/DebugTools/DisassemblyManager.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/pcsx2/DebugTools/DisassemblyManager.cpp b/pcsx2/DebugTools/DisassemblyManager.cpp index 1e8ca71513..54b2d073d3 100644 --- a/pcsx2/DebugTools/DisassemblyManager.cpp +++ b/pcsx2/DebugTools/DisassemblyManager.cpp @@ -643,6 +643,7 @@ void DisassemblyFunction::load() macro = new DisassemblyMacro(cpu,opAddress); macro->setMacroMemory("sh",immediate,rt,2); funcPos += 4; + break; case 0x2B: // sw macro = new DisassemblyMacro(cpu,opAddress); macro->setMacroMemory("sw",immediate,rt,4); From 0bcaff42140c26808d72a39b1ded8ae70e1555b7 Mon Sep 17 00:00:00 2001 
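Review bot: After `free_index(index);` the pointer may still be reachable through `m_pIndex`: the success branch passes `(Access*)m_pIndex` to `WriteIndexToFile`, which suggests `m_pIndex` is assigned from `index` above the hunk. If so, the error path should also clear it, `m_pIndex = NULL;`, so nothing can later dereference freed memory through the member. `OkIndex()` begins outside the hunk, so I cannot confirm where `m_pIndex` is set.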
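Review bot: The added `break` ends the fall-through from the `sh` case into `case 0x2B: // sw`, which overwrote `macro` and leaked the first `DisassemblyMacro`; the rest of this switch in `DisassemblyFunction::load()` is outside the hunk, so the sibling cases should be checked for the same pattern. A compiler fall-through warning such as `-Wimplicit-fallthrough` would flag any remaining ones mechanically. I would also annotate the new line, `break; // no fall-through into sw: each case allocates its own macro`, since the two cases look deliberately similar.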
From: Gregory Hainaut Date: Thu, 10 Sep 2015 13:45:42 +0200 Subject: [PATCH 04/20] pcsx2:cdvd/debug: various uninitialized data Most of the time, code is correct. In doubt always init the value. --- pcsx2/CDVD/InputIsoFile.cpp | 3 ++- pcsx2/CDVD/IsoFS/IsoFS.cpp | 5 +++-- pcsx2/DebugTools/DisR5900asm.cpp | 3 +++ pcsx2/DebugTools/DisassemblyManager.cpp | 4 +++- pcsx2/DebugTools/ExpressionParser.cpp | 4 ++-- 5 files changed, 13 insertions(+), 6 deletions(-) diff --git a/pcsx2/CDVD/InputIsoFile.cpp b/pcsx2/CDVD/InputIsoFile.cpp index 2e24817b48..ca0b3dd010 100644 --- a/pcsx2/CDVD/InputIsoFile.cpp +++ b/pcsx2/CDVD/InputIsoFile.cpp @@ -90,7 +90,8 @@ void InputIsoFile::BeginRead2(uint lsn) int InputIsoFile::FinishRead3(u8* dst, uint mode) { - int _offset, length; + int _offset = 0; + int length = 0; int ret = 0; if(m_current_lsn < 0) diff --git a/pcsx2/CDVD/IsoFS/IsoFS.cpp b/pcsx2/CDVD/IsoFS/IsoFS.cpp index efb1259c9d..47c4906933 100644 --- a/pcsx2/CDVD/IsoFS/IsoFS.cpp +++ b/pcsx2/CDVD/IsoFS/IsoFS.cpp @@ -209,9 +209,10 @@ u32 IsoDirectory::GetFileSize( const wxString& filePath ) const IsoFileDescriptor::IsoFileDescriptor() { - lba = 0; - size = 0; + lba = 0; + size = 0; flags = 0; + memset(&date, 0, sizeof(date)); } IsoFileDescriptor::IsoFileDescriptor(const u8* data, int length) diff --git a/pcsx2/DebugTools/DisR5900asm.cpp b/pcsx2/DebugTools/DisR5900asm.cpp index 1d561700da..b887d306e0 100644 --- a/pcsx2/DebugTools/DisR5900asm.cpp +++ b/pcsx2/DebugTools/DisR5900asm.cpp @@ -869,6 +869,9 @@ void disMemAccess( std::string& output, const char* name, int cop = 0) case 2: rt = COP2_REG_FP[DECODE_FT]; break; + default: + rt = "???"; + break; } const char* rs = GPR_REG[DECODE_RS]; diff --git a/pcsx2/DebugTools/DisassemblyManager.cpp b/pcsx2/DebugTools/DisassemblyManager.cpp index 54b2d073d3..22b2612535 100644 --- a/pcsx2/DebugTools/DisassemblyManager.cpp +++ b/pcsx2/DebugTools/DisassemblyManager.cpp 
@@ -444,8 +444,10 @@ void DisassemblyFunction::generateBranchLines() }; LaneInfo lanes[NUM_LANES]; - for (int i = 0; i < NUM_LANES; i++) + for (int i = 0; i < NUM_LANES; i++) { lanes[i].used = false; + lanes[i].end = 0; + } u32 end = address+size; diff --git a/pcsx2/DebugTools/ExpressionParser.cpp b/pcsx2/DebugTools/ExpressionParser.cpp index b4c24ded18..4d757e872c 100644 --- a/pcsx2/DebugTools/ExpressionParser.cpp +++ b/pcsx2/DebugTools/ExpressionParser.cpp @@ -413,8 +413,8 @@ bool parsePostfixExpression(PostfixExpression& exp, IExpressionFunctions* funcs, size_t num = 0; u64 opcode; std::vector valueStack; - u64 arg[5]; - float fArg[5]; + u64 arg[5] = {0}; + float fArg[5] = {0}; bool useFloat = false; while (num < exp.size()) From c687c73edd33051f9f3918be9fe77a5ec3309d48 Mon Sep 17 00:00:00 2001 From: Gregory Hainaut Date: Thu, 10 Sep 2015 13:46:36 +0200 Subject: [PATCH 05/20] pcsx2:debugger: avoid strlen call on random data --- pcsx2/DebugTools/DisassemblyManager.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pcsx2/DebugTools/DisassemblyManager.cpp b/pcsx2/DebugTools/DisassemblyManager.cpp index 22b2612535..9c542e0f7a 100644 --- a/pcsx2/DebugTools/DisassemblyManager.cpp +++ b/pcsx2/DebugTools/DisassemblyManager.cpp @@ -992,6 +992,8 @@ void DisassemblyData::createLines() } break; default: + // Avoid a call to strlen with random data + buffer[0] = 0; break; } From f4f08b9c99892809dc2b20f8a8d343ffd53e8fe3 Mon Sep 17 00:00:00 2001 From: Gregory Hainaut Date: Thu, 10 Sep 2015 14:20:51 +0200 Subject: [PATCH 06/20] pcsx2: avoid couple of out-of-bounds access --- pcsx2/DebugTools/DisR3000A.cpp | 3 ++- pcsx2/IopSio2.cpp | 4 ++-- pcsx2/Plugins.h | 3 ++- pcsx2/VUops.cpp | 24 +++++++++++++----------- 4 files changed, 19 insertions(+), 15 deletions(-) diff --git a/pcsx2/DebugTools/DisR3000A.cpp b/pcsx2/DebugTools/DisR3000A.cpp index 5898eafabe..1e56556588 100644 --- a/pcsx2/DebugTools/DisR3000A.cpp +++ b/pcsx2/DebugTools/DisR3000A.cpp 
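Review bot: The new loop zeroes the two members one at a time; `LaneInfo` appears to be declared just above as a plain local struct, in which case value-initialising the array at its declaration, `LaneInfo lanes[NUM_LANES] = {};`, zeroes every member (including any added later) and makes the loop unnecessary. This is a style point only — for the fields visible here the behaviour is identical. `generateBranchLines()` continues outside the hunk.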
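Review bot: Zeroing `buffer[0]` only in the `default:` branch relies on every other case of this switch writing to `buffer`; if the declaration of `buffer` (outside the hunk) can be initialised instead, e.g. `char buffer[N] = {0};` with the array's real size, the `strlen` call the commit message refers to is safe on every path, including cases added later. The added comment could say what it protects: `// leave buffer empty so the strlen() below sees a terminated string`. The switch sits in `DisassemblyData::createLines()`, which starts outside the hunk.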
@@ -28,7 +28,8 @@ namespace R3000A "r0", "at", "v0", "v1", "a0", "a1","a2", "a3", "t0", "t1", "t2", "t3", "t4", "t5","t6", "t7", "s0", "s1", "s2", "s3", "s4", "s5","s6", "s7", - "t8", "t9", "k0", "k1", "gp", "sp","fp", "ra"}; + "t8", "t9", "k0", "k1", "gp", "sp","fp", "ra" + "HI", "LO" }; const char * const disRNameCP0[] = { "Index" , "Random" , "EntryLo0", "EntryLo1", "Context" , "PageMask" , "Wired" , "*Check me*", diff --git a/pcsx2/IopSio2.cpp b/pcsx2/IopSio2.cpp index 5019d57a6a..cd842ab81f 100644 --- a/pcsx2/IopSio2.cpp +++ b/pcsx2/IopSio2.cpp @@ -156,7 +156,7 @@ void sio2_serialIn(u8 value){ if (sio2.cmdlength) sio2.cmdlength--; sioWrite8(value); - if (sio2.packet.sendSize > BUFSIZE) {//asadr + if (sio2.packet.sendSize >= BUFSIZE) {//asadr Console.Warning("*PCSX2*: sendSize >= %d", BUFSIZE); } else { sio2.buf[sio2.packet.sendSize] = sioRead8(); @@ -183,7 +183,7 @@ void sio2_fifoIn(u8 value){ if (sio2.cmdlength) sio2.cmdlength--; SIODMAWrite(value); - if (sio2.packet.sendSize > BUFSIZE) {//asadr + if (sio2.packet.sendSize >= BUFSIZE) {//asadr Console.WriteLn("*PCSX2*: sendSize >= %d", BUFSIZE); } else { sio2.buf[sio2.packet.sendSize] = sioRead8(); diff --git a/pcsx2/Plugins.h b/pcsx2/Plugins.h index 368d48a8ca..bd4c8c5ce4 100644 --- a/pcsx2/Plugins.h +++ b/pcsx2/Plugins.h @@ -298,7 +298,8 @@ protected: volatile u32 m_mcdOpen; public: // hack until we unsuck plugins... - ScopedPtr m_info[PluginId_Count]; + // +1 to avoid out-of-bounds due to PluginId_Mcd which is above PluginId_Count + ScopedPtr m_info[PluginId_Count + 1]; public: SysCorePlugins(); diff --git a/pcsx2/VUops.cpp b/pcsx2/VUops.cpp index d96cdb7557..e25ca41b56 100644 --- a/pcsx2/VUops.cpp +++ b/pcsx2/VUops.cpp 
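Review bot: There is no comma between `"ra"` and `"HI"` on the new lines, so the two literals concatenate into `"raHI"`: the table gains only one entry, index 31 prints `raHI` instead of `ra`, `LO` lands at index 32, and index 33 is still out of bounds — the very access the patch is meant to fix. The lines should read `"t8", "t9", "k0", "k1", "gp", "sp","fp", "ra",` followed by `"HI", "LO" };`. A compile-time check on the array's entry count against the register enum it is indexed by would catch this class of mistake.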
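Review bot: Sizing `m_info` as `PluginId_Count + 1` pins the fix to the assumption that `PluginId_Mcd` is exactly `PluginId_Count`; if the enum ever moves, the out-of-bounds write returns silently. A compile-time check next to the array, e.g. `static_assert(PluginId_Mcd < PluginId_Count + 1, "m_info too small for PluginId_Mcd");` if the toolchain allows it (or a runtime assertion where the index is used), documents and enforces the assumption. The comment is useful; assuming that is the intent I would reword it to `// +1 because PluginId_Mcd lies just past PluginId_Count and is stored here too`.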
@@ -176,19 +176,21 @@ static __ri void __fastcall _vuFMACAdd(VURegs * VU, int reg, int xyzw) { if (VU->fmac[i].enable == 1) continue; break; } - //if (i==8) Console.Error("*PCSX2*: error , out of fmacs %d", VU->cycle); + if (i < 8) { + VUM_LOG("adding FMAC pipe[%d]; xyzw=%x", i, xyzw); - VUM_LOG("adding FMAC pipe[%d]; xyzw=%x", i, xyzw); - - VU->fmac[i].enable = 1; - VU->fmac[i].sCycle = VU->cycle; - VU->fmac[i].Cycle = 3; - VU->fmac[i].reg = reg; - VU->fmac[i].xyzw = xyzw; - VU->fmac[i].macflag = VU->macflag; - VU->fmac[i].statusflag = VU->statusflag; - VU->fmac[i].clipflag = VU->clipflag; + VU->fmac[i].enable = 1; + VU->fmac[i].sCycle = VU->cycle; + VU->fmac[i].Cycle = 3; + VU->fmac[i].reg = reg; + VU->fmac[i].xyzw = xyzw; + VU->fmac[i].macflag = VU->macflag; + VU->fmac[i].statusflag = VU->statusflag; + VU->fmac[i].clipflag = VU->clipflag; + } else { + //Console.Error("*PCSX2*: error , out of fmacs %d", VU->cycle); + } } static __ri void __fastcall _vuFDIVAdd(VURegs * VU, int cycles) { From b082147c4d89a2856ce06fa0365eb643d71ca89f Mon Sep 17 00:00:00 2001 From: Gregory Hainaut Date: Thu, 10 Sep 2015 14:21:27 +0200 Subject: [PATCH 07/20] onepad: avoid potential resource leak --- plugins/onepad/Linux/ini.cpp | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/plugins/onepad/Linux/ini.cpp b/plugins/onepad/Linux/ini.cpp index efcb3a5408..85f8afaa60 100644 --- a/plugins/onepad/Linux/ini.cpp +++ b/plugins/onepad/Linux/ini.cpp 
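Review bot: The new `else` branch is empty apart from the old commented-out `Console.Error`, so running out of FMAC pipes is now dropped silently, while the `if` branch already uses `VUM_LOG` for the normal case. Logging the overflow the same way, `VUM_LOG("out of FMAC pipes at cycle %d", VU->cycle);`, keeps the condition visible without the cost of a console error. The search loop that leaves `i == 8` starts outside the hunk; comparing against a named size of `VU->fmac` rather than the literal 8 would read better, but that is a style point.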
@@ -171,15 +171,15 @@ void LoadConfig() } u32 value; - if (fscanf(f, "log = %d\n", &value) == 0) return; + if (fscanf(f, "log = %d\n", &value) == 0) goto error; conf->log = value; - if (fscanf(f, "options = %d\n", &value) == 0) return; + if (fscanf(f, "options = %d\n", &value) == 0) goto error; conf->options = value; - if (fscanf(f, "mouse_sensibility = %d\n", &value) == 0) return; + if (fscanf(f, "mouse_sensibility = %d\n", &value) == 0) goto error; conf->sensibility = value; - if (fscanf(f, "joy_pad_map = %d\n", &value) == 0) return; + if (fscanf(f, "joy_pad_map = %d\n", &value) == 0) goto error; conf->joyid_map = value; - if (fscanf(f, "ff_intensity = %d\n", &value) == 0) return; + if (fscanf(f, "ff_intensity = %d\n", &value) == 0) goto error; conf->ff_intensity = value; for (int pad = 0; pad < 2; pad++) @@ -203,7 +203,9 @@ void LoadConfig() if(pad == 0) have_user_setting = true; } + if (!have_user_setting) DefaultKeyboardValues(); + +error: fclose(f); - if (!have_user_setting) DefaultKeyboardValues(); } From 1baa6be6de08c39a30db56ece886cdb3ff2add18 Mon Sep 17 00:00:00 2001 From: Gregory Hainaut Date: Thu, 10 Sep 2015 14:21:47 +0200 Subject: [PATCH 08/20] debugger: enforce a null terminated char of a C-string CID 146728 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING) buffer_size_warning: Calling strncpy with a maximum size argument of 128 bytes on destination array mod.name of size 128 bytes might leave the destination string unterminated --- pcsx2/DebugTools/SymbolMap.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/pcsx2/DebugTools/SymbolMap.cpp b/pcsx2/DebugTools/SymbolMap.cpp index 8aecda2c15..faf31a2689 100644 --- a/pcsx2/DebugTools/SymbolMap.cpp +++ b/pcsx2/DebugTools/SymbolMap.cpp 
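Review bot: `goto error` jumps from the `fscanf` checks to a label after the `for` loop; in C++ that is only valid if no variable with an initializer is declared between the jump and the label in the same scope, and `have_user_setting` — whose declaration is outside the hunk — is used in between. If it is declared with an initializer after the first `goto`, the function will not compile; moving its declaration above the `fscanf` block avoids that. `DefaultKeyboardValues()` is still skipped when a header line fails to parse, so the error path could log which field failed rather than leaving a truncated config as a silent no-op.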
@@ -241,6 +241,7 @@ void SymbolMap::AddModule(const char *name, u32 address, u32 size) { ModuleEntry mod; strncpy(mod.name, name, ARRAY_SIZE(mod.name)); + mod.name[ARRAY_SIZE(mod.name) - 1] = 0; mod.start = address; mod.size = size; mod.index = (int)modules.size() + 1; From 0260c9119e9efbe08ca151bd24d159e0bf4aabc2 Mon Sep 17 00:00:00 2001 From: Gregory Hainaut Date: Thu, 10 Sep 2015 14:41:55 +0200 Subject: [PATCH 09/20] common: suspicious missing comma --- common/src/x86emitter/cpudetect.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/src/x86emitter/cpudetect.cpp b/common/src/x86emitter/cpudetect.cpp index c27eca98c1..47910bac92 100644 --- a/common/src/x86emitter/cpudetect.cpp +++ b/common/src/x86emitter/cpudetect.cpp @@ -182,7 +182,7 @@ void x86capabilities::CountCores() static const char* tbl_x86vendors[] = { "GenuineIntel", - "AuthenticAMD" + "AuthenticAMD", "Unknown ", }; From ac8f4e69d695ab4f971c60478ff4b72a0bcb3d9c Mon Sep 17 00:00:00 2001 From: Gregory Hainaut Date: Thu, 10 Sep 2015 14:42:54 +0200 Subject: [PATCH 10/20] pcsx2|gsdx: avoid potential null deferencement --- pcsx2/CDVD/zlib_indexed.h | 5 +++++ plugins/GSdx/GSRendererHW.cpp | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/pcsx2/CDVD/zlib_indexed.h b/pcsx2/CDVD/zlib_indexed.h index 1ae7238944..4fc9496b15 100644 --- a/pcsx2/CDVD/zlib_indexed.h +++ b/pcsx2/CDVD/zlib_indexed.h @@ -303,6 +303,11 @@ local int build_index(FILE *in, PX_off_t span, struct access **built) } } while (ret != Z_STREAM_END); + if (index == NULL) { + // Could happen if the start of the stream in Z_STREAM_END + return 0; + } + /* clean up and return index (release unused entries in list) */ (void)inflateEnd(&strm); index->list = (Point*)realloc(index->list, sizeof(struct point) * index->have); diff --git a/plugins/GSdx/GSRendererHW.cpp b/plugins/GSdx/GSRendererHW.cpp index 4efa2eb041..5eb7206b90 100644 --- a/plugins/GSdx/GSRendererHW.cpp +++ b/plugins/GSdx/GSRendererHW.cpp 
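Review bot: The new early `return 0` for `index == NULL` runs before `(void)inflateEnd(&strm);`, so the zlib stream state used by the inflate loop is leaked on that path; the original code only returned after `inflateEnd`. Call it inside the new block: `if (index == NULL) { (void)inflateEnd(&strm); return 0; }` — and the comment has a typo, `is Z_STREAM_END`. Whether `*built` is expected to be set on a 0 return depends on the caller, which is outside the hunk.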
@@ -463,7 +463,8 @@ void GSRendererHW::Draw() { s = format("%05d_f%lld_rz0_%05x_%d.bmp", s_n, frame, context->ZBUF.Block(), context->ZBUF.PSM); - ds_tex->Save(root_hw+s); + if (ds_tex) + ds_tex->Save(root_hw+s); } s_n++; From f092f9045c9de98aac826c1f694f7e4d97104f18 Mon Sep 17 00:00:00 2001 From: Gregory Hainaut Date: Thu, 10 Sep 2015 15:56:19 +0200 Subject: [PATCH 11/20] pcsx2: initialize the block pointer There is a check on it on the resize function --- pcsx2/x86/BaseblockEx.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pcsx2/x86/BaseblockEx.h b/pcsx2/x86/BaseblockEx.h index 4d20af2b29..a564665610 100644 --- a/pcsx2/x86/BaseblockEx.h +++ b/pcsx2/x86/BaseblockEx.h @@ -73,7 +73,7 @@ public: } BaseBlockArray (s32 size) : _Reserved(0), - _Size(0) + _Size(0), blocks(NULL) { if(size > 0) { resize(size); From 2934a15902e7247a0fd36d6564d74d86d7ad4b88 Mon Sep 17 00:00:00 2001 From: Gregory Hainaut Date: Thu, 10 Sep 2015 16:28:33 +0200 Subject: [PATCH 12/20] gsdx: remove a duplicated check --- plugins/GSdx/GSState.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/GSdx/GSState.cpp b/plugins/GSdx/GSState.cpp index 8c00945f68..603bf3979c 100644 --- a/plugins/GSdx/GSState.cpp +++ b/plugins/GSdx/GSState.cpp @@ -5252,7 +5252,7 @@ bool GSC_UrbanReign(const GSFrameInfo& fi, int& skip) { if(skip == 0) { - if(fi.TME && fi.FBP==0x0000 && fi.TBP0==0x3980 && fi.FPSM==fi.TPSM && fi.TPSM == PSM_PSMCT32 && fi.TPSM ==0 && fi.FBMSK == 0x0) + if(fi.TME && fi.FBP==0x0000 && fi.TBP0==0x3980 && fi.FPSM==fi.TPSM && fi.TPSM == PSM_PSMCT32 && fi.FBMSK == 0x0) { skip = 1; } From e6d1a4cccf1b7be9ebc522495dc74a181d249acd Mon Sep 17 00:00:00 2001 
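Review bot: `blocks(NULL)` is added to the `(s32 size)` constructor only; the `}` just above the hunk closes another member function, and if that is a second constructor it still leaves `blocks` uninitialised for the check in `resize()` the commit message refers to. If the project compiles as C++11, an in-class initializer on the `blocks` member declaration covers every constructor at once. If `blocks` is declared before `_Reserved` and `_Size`, the new initializer order will also trigger a `-Wreorder` warning; list the initializers in declaration order.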
From: Gregory Hainaut Date: Thu, 10 Sep 2015 17:03:19 +0200 Subject: [PATCH 13/20] gsdx: avoid a potential division by zero CID 146835 (#1 of 1): Division or modulo by float zero (DIVIDE_BY_ZERO) 50. divide_by_zero: In expression (float)(end - start) / (float)frame_number, division by expression frame_number which may be zero has undefined behavior --- plugins/GSdx/GS.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plugins/GSdx/GS.cpp b/plugins/GSdx/GS.cpp index 7de29910e4..784b57e52c 100644 --- a/plugins/GSdx/GS.cpp +++ b/plugins/GSdx/GS.cpp @@ -1670,6 +1670,8 @@ EXPORT_C GSReplay(char* lpszCmdLine, int renderer) sleep(1); } else { unsigned long end = timeGetTime(); + frame_number = std::max(1ul, frame_number); // avoid a potential division by 0 + fprintf(stderr, "The %ld frames of the scene was render on %ldms\n", frame_number, end - start); fprintf(stderr, "A means of %fms by frame\n", (float)(end - start)/(float)frame_number); From 2430abed3342ec09c3708011881a00e47e55a928 Mon Sep 17 00:00:00 2001 From: Gregory Hainaut Date: Thu, 10 Sep 2015 17:06:03 +0200 Subject: [PATCH 14/20] gsdx: potential division by zero CID 146833 (#2-1 of 2): Division or modulo by zero (DIVIDE_BY_ZERO) divide_by_zero: In expression this->m_width / this->m_upscale_multiplier, division by expression this->m_upscale_multiplier which may be zero has undefined behavior. --- plugins/GSdx/GSRendererHW.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/GSdx/GSRendererHW.cpp b/plugins/GSdx/GSRendererHW.cpp index 5eb7206b90..640c203c5b 100644 --- a/plugins/GSdx/GSRendererHW.cpp +++ b/plugins/GSdx/GSRendererHW.cpp 
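Review bot: `std::max(1ul, frame_number)` only compiles if `frame_number` is exactly `unsigned long`; it is printed with `%ld` here, so if it is `long` the template deduction fails (and `std::max` needs `<algorithm>` to be included). Clamping also rewrites the value before the first `fprintf`, which will then report one frame when nothing was rendered. Guarding only the division keeps the report honest: `(float)(end - start)/(float)(frame_number ? frame_number : 1)`.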
@@ -81,7 +81,8 @@ void GSRendererHW::SetScaling() { } - printf("Frame buffer size set to %dx%d (%dx%d)\n", (m_width / m_upscale_multiplier), (m_height / m_upscale_multiplier), m_width, m_height); + if (m_upscale_multiplier) + printf("Frame buffer size set to %dx%d (%dx%d)\n", (m_width / m_upscale_multiplier), (m_height / m_upscale_multiplier), m_width, m_height); } GSRendererHW::~GSRendererHW() From 113c0aa411da000054fd5199fde63fd65b9ab982 Mon Sep 17 00:00:00 2001 From: Gregory Hainaut Date: Thu, 10 Sep 2015 17:37:39 +0200 Subject: [PATCH 15/20] pcsx2: use sizeof of object instead of pointer (portability) CID 146912 (#1 of 1): Sizeof not portable (SIZEOF_MISMATCH) suspicious_sizeof: Passing argument recConstBuf of type u32 * and argument 131072U /* RECCONSTBUF_SIZE * sizeof (recConstBuf) */ to function memset is suspicious. In this case, sizeof (u32 *) is equal to sizeof (u32), but this is not a portable assumption. --- pcsx2/x86/ix86-32/iR5900-32.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pcsx2/x86/ix86-32/iR5900-32.cpp b/pcsx2/x86/ix86-32/iR5900-32.cpp index f31ec16b3e..14a8f534f4 100644 --- a/pcsx2/x86/ix86-32/iR5900-32.cpp +++ b/pcsx2/x86/ix86-32/iR5900-32.cpp @@ -710,7 +710,7 @@ static void recResetRaw() maxrecmem = 0; - memset(recConstBuf, 0, RECCONSTBUF_SIZE * sizeof(recConstBuf)); + memset(recConstBuf, 0, RECCONSTBUF_SIZE * sizeof(*recConstBuf)); if( s_pInstCache ) memset( s_pInstCache, 0, sizeof(EEINST)*s_nInstCacheSize ); From 8928c3e7f13c0ebeba4ad32e0908049e88319e0a Mon Sep 17 00:00:00 2001 From: Gregory Hainaut Date: Fri, 11 Sep 2015 09:18:49 +0200 Subject: [PATCH 16/20] onepad: be sure pad variable is 0 or 1 CID 146918 (#1 of 1): Use of untrusted scalar value (TAINTED_SCALAR) tainted_data: Passing tainted variable pad to a tainted sink --- plugins/onepad/Linux/ini.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
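Review bot: Skipping the `printf` when `m_upscale_multiplier` is zero hides the log line but leaves the real question open: if a zero multiplier can reach `SetScaling()`, the code above the hunk (the function starts outside it) that presumably derives `m_width`/`m_height` from it has the same problem. Rejecting or clamping the value once at the top of the function, with a comment on why zero is invalid, would be the sturdier fix and make the guard unnecessary. If zero genuinely cannot occur and this only satisfies the analyzer, say so: `// m_upscale_multiplier is never 0 here; guard kept for static analysis`.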
diff --git a/plugins/onepad/Linux/ini.cpp b/plugins/onepad/Linux/ini.cpp index 85f8afaa60..0a0933edd9 100644 --- a/plugins/onepad/Linux/ini.cpp +++ b/plugins/onepad/Linux/ini.cpp @@ -199,7 +199,7 @@ void LoadConfig() u32 keysym; u32 index; while( fscanf(f, "PAD %d:KEYSYM 0x%x = %d\n", &pad, &keysym, &index) != EOF ) { - set_keyboad_key(pad, keysym, index); + set_keyboad_key(pad & 1, keysym, index); if(pad == 0) have_user_setting = true; } From 6c7ce3465e2ec0e7cbdc6ea14d8b5f6433cdef63 Mon Sep 17 00:00:00 2001 From: Gregory Hainaut Date: Fri, 11 Sep 2015 09:25:09 +0200 Subject: [PATCH 17/20] pcsx2:CDVD: guarantee that index of mg_zones array is below than 8 CID 146917 (#1 of 1): Untrusted array index read (TAINTED_SCALAR) tainted_data: Using tainted variable cdvd.Result[1] as an index into an array mg_zones --- pcsx2/CDVD/CDVD.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pcsx2/CDVD/CDVD.cpp b/pcsx2/CDVD/CDVD.cpp index 25317860d3..5fe15ac624 100644 --- a/pcsx2/CDVD/CDVD.cpp +++ b/pcsx2/CDVD/CDVD.cpp @@ -1767,7 +1767,7 @@ static void cdvdWrite16(u8 rt) // SCOMMAND cdvdGetMechaVer(&cdvd.Result[1]); cdvdReadRegionParams(&cdvd.Result[3]);//size==8 - DevCon.WriteLn("REGION PARAMS = %s %s", mg_zones[cdvd.Result[1]], &cdvd.Result[3]); + DevCon.WriteLn("REGION PARAMS = %s %s", mg_zones[cdvd.Result[1] & 7], &cdvd.Result[3]); cdvd.Result[1] = 1 << cdvd.Result[1]; //encryption zone; see offset 0x1C in encrypted headers ////////////////////////////////////////// cdvd.Result[2] = 0; //?? From bfe1236d988ec155f1a0670b222a7b4aeb374f99 Mon Sep 17 00:00:00 2001 From: Gregory Hainaut Date: Fri, 11 Sep 2015 16:50:02 +0200 Subject: [PATCH 18/20] pcsx2|lilypad: Unintentional integer overflow Add some cast to do the intermediate operation in 64 bits --- pcsx2/CDVD/CsoFileReader.cpp | 2 +- pcsx2/CDVD/GzippedFileReader.cpp | 2 +- plugins/LilyPad/Global.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
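Review bot: `pad & 1` folds any out-of-range pad number from the config file onto 0 or 1 instead of rejecting it, and the `if(pad == 0)` on the next line still tests the unmasked value, so a `PAD 2` line is applied to pad 0 without counting as a user setting. Validating once before the call, `if (pad != 0 && pad != 1) continue;`, treats the file as untrusted input and keeps both uses consistent. Separately, the `while( fscanf(...) != EOF )` condition on the context line never ends on a line that does not match the format, since `fscanf` then returns 0 without consuming input; comparing against the expected count (`== 3`) terminates on malformed input.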
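Review bot: `& 7` bounds the index into `mg_zones` for the log line, but the next line `cdvd.Result[1] = 1 << cdvd.Result[1];` still uses the unmasked value, so the shift is unbounded for the same input the analyzer flagged. Computing the zone once, e.g. `const u8 zone = cdvd.Result[1] & 7;`, and using it for both the log and the shift keeps the two consistent — if a value above 7 is genuinely impossible from `cdvdGetMechaVer`, a comment saying so is enough. The mask also assumes `mg_zones` has exactly 8 entries; a compile-time check on the array size would document that.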
diff --git a/pcsx2/CDVD/CsoFileReader.cpp b/pcsx2/CDVD/CsoFileReader.cpp index 87ebe82eda..4cc85af403 100644 --- a/pcsx2/CDVD/CsoFileReader.cpp +++ b/pcsx2/CDVD/CsoFileReader.cpp @@ -244,7 +244,7 @@ int CsoFileReader::ReadFromFrame(u8 *dest, u64 pos, int maxBytes) { // Calculate where the compressed payload is (if compressed.) const u64 frameRawPos = (u64)index0 << m_indexShift; - const u64 frameRawSize = (index1 - index0) << m_indexShift; + const u64 frameRawSize = (u64)(index1 - index0) << m_indexShift; if (!compressed) { // Just read directly, easy. diff --git a/pcsx2/CDVD/GzippedFileReader.cpp b/pcsx2/CDVD/GzippedFileReader.cpp index 77aed657cf..7c2dcc40db 100644 --- a/pcsx2/CDVD/GzippedFileReader.cpp +++ b/pcsx2/CDVD/GzippedFileReader.cpp @@ -63,7 +63,7 @@ static Access* ReadIndexFromFile(const wxString& filename) { infile.read((char*)index, sizeof(Access)); s64 datasize = size - GZIP_ID_LEN - sizeof(Access); - if (datasize != index->have * sizeof(Point)) { + if (datasize != (s64)index->have * sizeof(Point)) { Console.Error(L"Error: unexpected size of gzip index, please delete it manually: '%s'.", WX_STR(filename)); infile.close(); free(index); diff --git a/plugins/LilyPad/Global.h b/plugins/LilyPad/Global.h index 8b6439ee66..1e1653c412 100644 --- a/plugins/LilyPad/Global.h +++ b/plugins/LilyPad/Global.h @@ -74,7 +74,7 @@ static inline int wcsicmp(const wchar_t* w1, const wchar_t* w2) { static inline unsigned int timeGetTime() { struct timeval now; gettimeofday(&now, NULL); - uint64_t ms = (now.tv_usec/1000) + (now.tv_sec * 1000); + uint64_t ms = (now.tv_usec/1000) + ((uint64_t)now.tv_sec * 1000); return (ms & 0xFFFFFFFF); // MS code is u32 ... } From 04228543846578721693450caddc423ed862bd4c Mon Sep 17 00:00:00 2001 
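Review bot: The cast makes the shift 64-bit, but `index1 - index0` is still computed in the index type first; if the on-disk index is corrupted so that `index1 < index0`, the subtraction wraps and `frameRawSize` becomes enormous before the read below. A check ahead of the calculation, `if (index1 < index0) return <error value used by ReadFromFrame>;` (the function's error convention is outside the hunk), rejects the frame instead of trusting the file. Casting each operand before subtracting only changes the width of the wrap, so it is not a substitute for the check.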
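Review bot: `(s64)index->have * sizeof(Point)` widens the multiply as intended, but on 64-bit targets the product is still unsigned because `sizeof` yields a `size_t` of equal rank, so the comparison against the signed `datasize` stays signed/unsigned. It works because a negative `datasize` can never equal the product, but it reads as a signed comparison; casting the other operand too, `(s64)index->have * (s64)sizeof(Point)`, makes the intent explicit. `index->have` comes from the file, so the size equality is the only validation it gets before the data is read — worth a one-line comment.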
From: Gregory Hainaut Date: Fri, 11 Sep 2015 20:01:01 +0200 Subject: [PATCH 19/20] pcsx2:interpreter: always false condition Both fields are 10 bits but the ~ operation apply on the 32 bits. Therefore msb bits were always '1' and the condition always false. Code is only used on the interpreter but it could explain some hangs --- pcsx2/COP0.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pcsx2/COP0.cpp b/pcsx2/COP0.cpp index 57dc869ecd..fa52d5aef4 100644 --- a/pcsx2/COP0.cpp +++ b/pcsx2/COP0.cpp @@ -509,7 +509,7 @@ void MTC0() } int CPCOND0() { - return ((dmacRegs.stat.CIS | ~dmacRegs.pcr.CPC) == 0x3ff); + return (((dmacRegs.stat.CIS | ~dmacRegs.pcr.CPC) & 0x3FF) == 0x3ff); } //#define CPCOND0 1 From fc67e372d208c19b3ed6111f3e14f63874b295f8 Mon Sep 17 00:00:00 2001 From: Gregory Hainaut Date: Fri, 11 Sep 2015 21:01:23 +0200 Subject: [PATCH 20/20] pcsx2:gui: fix potential infinite loop --- pcsx2/gui/ConsoleLogger.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pcsx2/gui/ConsoleLogger.cpp b/pcsx2/gui/ConsoleLogger.cpp index 49be2af769..58f631a68d 100644 --- a/pcsx2/gui/ConsoleLogger.cpp +++ b/pcsx2/gui/ConsoleLogger.cpp @@ -948,7 +948,10 @@ void ConsoleLogFrame::DoFlushEvent( bool isPending ) } while( --m_WaitingThreadsForFlush > 0 ); int count = m_sem_QueueFlushed.Count(); - while( count < 0 ) m_sem_QueueFlushed.Post(); + while( count < 0 ) { + m_sem_QueueFlushed.Post(); + count = m_sem_QueueFlushed.Count(); + } } m_pendingFlushMsg = isPending;
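Review bot: `0x3FF` and `0x3ff` in the same expression are the same constant written two ways; naming it once, e.g. `const u32 dmac_chan_mask = 0x3ff; // CIS and CPC are 10-bit fields`, puts the width argument from the commit message into the code. A comment is needed here in any case, because the `& 0x3FF` looks redundant to a reader who does not know that `~` widens the 10-bit field to 32 bits.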
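Review bot: Re-reading `Count()` on each iteration ends the loop in the single-threaded case, but the bound now depends on other threads: if another waiter decrements the semaphore between `Post()` and `Count()`, `count` can stay negative and the loop still never ends. Posting exactly the deficit observed at entry, `while( count++ < 0 ) m_sem_QueueFlushed.Post();`, is bounded regardless of concurrent waiters, assuming the intent is to release the waiters pending at that moment. `DoFlushEvent()` and the enclosing `if` start outside the hunk.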