From d58f52ff31ed7f72c0bca6595ae3470f30f5bbe2 Mon Sep 17 00:00:00 2001
From: Eladash <elad3356p@gmail.com>
Date: Fri, 13 Mar 2020 15:01:37 +0200
Subject: [PATCH] cellSaveData: Add some listSet error checks

* Check listSet->fixedListNum.
* Check listSet->fixedList for nullptr and its directory items names.
* Check listSet->focusDirName for nullptr and directory name.
* Check listSet->newData->iconPosition.
* Check listSet->newData->dirName for nullptr and directory string.
* Check statSet->setParam->parental_level for old sdk.
* Return an error if listSet->focusPosition is NEWDATA and listSet->newData is nullptr.
* Simplify savedata directory list selection.
---
 rpcs3/Emu/Cell/Modules/cellSaveData.cpp | 136 ++++++++++++++++++++++--
 1 file changed, 129 insertions(+), 7 deletions(-)

diff --git a/rpcs3/Emu/Cell/Modules/cellSaveData.cpp b/rpcs3/Emu/Cell/Modules/cellSaveData.cpp
index d842a828d8..0890a33bca 100644
--- a/rpcs3/Emu/Cell/Modules/cellSaveData.cpp
+++ b/rpcs3/Emu/Cell/Modules/cellSaveData.cpp
@@ -701,27 +701,134 @@ static NEVER_INLINE error_code savedata_op(ppu_thread& ppu, u32 operation, u32 v
 				return display_callback_result_error_message(ppu, *result, errDialog);
 			}
 
-			// Clean save data list
-			save_entries.erase(std::remove_if(save_entries.begin(), save_entries.end(), [&listSet](const SaveDataEntry& entry) -> bool
+			if (listSet->fixedListNum > CELL_SAVEDATA_LISTITEM_MAX)
 			{
-				for (u32 i = 0; i < listSet->fixedListNum; i++)
+				// ****** sysutil savedata parameter error : 38 ******
+				return {CELL_SAVEDATA_ERROR_PARAM, "38"};
+			}
+
+			if (listSet->fixedListNum && !listSet->fixedList)
+			{
+				// ****** sysutil savedata parameter error : 39 ******
+				return {CELL_SAVEDATA_ERROR_PARAM, "39"};
+			}
+			else
+			{
+				// TODO: What happens if fixedListNum is zero?
+			}
+
+			std::set<std::string_view> selected_list;
+
+			for (u32 i = 0; i < listSet->fixedListNum; i++)
+			{
+				switch (sysutil_check_name_string(listSet->fixedList[i].dirName, 1, CELL_SAVEDATA_DIRNAME_SIZE))
 				{
-					if (entry.dirName == listSet->fixedList[i].dirName)
+				case -1:
+				{
+					// ****** sysutil savedata parameter error : 40 ******
+					return {CELL_SAVEDATA_ERROR_PARAM, "40"};
+				}
+				case -2:
+				{
+					if (listSet->fixedList[i].dirName[0]) // ???
 					{
-						return false;
+						// ****** sysutil savedata parameter error : 41 ******
+						return {CELL_SAVEDATA_ERROR_PARAM, "41"};
 					}
+
+					break;
+				}
+				case 0: break;
+				default: ASSUME(0);
 				}
 
-				return true;
+				selected_list.emplace(listSet->fixedList[i].dirName);
+			}
+
+			// Clean save data list
+			save_entries.erase(std::remove_if(save_entries.begin(), save_entries.end(), [&selected_list](const SaveDataEntry& entry) -> bool
+			{
+				return selected_list.count(entry.dirName) == 0;
 			}), save_entries.end());
 
+			if (listSet->newData)
+			{
+				switch (listSet->newData->iconPosition)
+				{
+				case CELL_SAVEDATA_ICONPOS_HEAD:
+				case CELL_SAVEDATA_ICONPOS_TAIL:
+					break;
+				default:
+				{
+					// ****** sysutil savedata parameter error : 43 ******
+					return {CELL_SAVEDATA_ERROR_PARAM, "43"};
+				}
+				}
+
+				if (!listSet->newData->dirName)
+				{
+					// ****** sysutil savedata parameter error : 44 ******
+					return {CELL_SAVEDATA_ERROR_PARAM, "44"};
+				}
+
+				switch (sysutil_check_name_string(listSet->newData->dirName.get_ptr(), 1, CELL_SAVEDATA_DIRNAME_SIZE))
+				{
+				case -1:
+				{
+					// ****** sysutil savedata parameter error : 45 ******
+					return {CELL_SAVEDATA_ERROR_PARAM, "45"};
+				}
+				case -2:
+				{
+					if (listSet->newData->dirName[0]) // ???
+					{
+						// ****** sysutil savedata parameter error : 4 ******
+						return {CELL_SAVEDATA_ERROR_PARAM, "46"};
+					}
+
+					break;
+				}
+				case 0: break;
+				default: ASSUME(0);
+				}
+			}
+
 			switch (const u32 pos_type = listSet->focusPosition)
 			{
 			case CELL_SAVEDATA_FOCUSPOS_DIRNAME:
 			{
+				if (!listSet->focusDirName)
+				{
+					// ****** sysutil savedata parameter error : 35 ******
+					return {CELL_SAVEDATA_ERROR_PARAM, "35"};
+				}
+
+				switch (sysutil_check_name_string(listSet->focusDirName.get_ptr(), 1, CELL_SAVEDATA_DIRNAME_SIZE))
+				{
+				case -1:
+				{
+					// ****** sysutil savedata parameter error : 36 ******
+					return {CELL_SAVEDATA_ERROR_PARAM, "36"};
+				}
+				case -2:
+				{
+					if (listSet->focusDirName[0]) // ???
+					{
+						// ****** sysutil savedata parameter error : 37 ******
+						return {CELL_SAVEDATA_ERROR_PARAM, "37"};
+					}
+
+					break;
+				}
+				case 0: break;
+				default: ASSUME(0);
+				}
+
+				const std::string dirStr = listSet->focusDirName.get_ptr();
+
 				for (u32 i = 0; i < save_entries.size(); i++)
 				{
-					if (save_entries[i].dirName == listSet->focusDirName.get_ptr())
+					if (save_entries[i].dirName == dirStr)
 					{
 						focused = i;
 						break;
@@ -772,6 +879,13 @@ static NEVER_INLINE error_code savedata_op(ppu_thread& ppu, u32 operation, u32 v
 			}
 			case CELL_SAVEDATA_FOCUSPOS_NEWDATA:
 			{
+				if (!listSet->newData)
+				{
+					// ****** sysutil savedata parameter error : 34 ******
+					cellSaveData.error("savedata_op(): listSet->newData is null while listSet->focusPosition is NEWDATA");
+					return {CELL_SAVEDATA_ERROR_PARAM, "34"};
+				}
+
 				//TODO: If adding the new data to the save_entries vector
 				// to be displayed in the save mangaer UI, it should be focused here
 				break;
@@ -1244,6 +1358,14 @@ static NEVER_INLINE error_code savedata_op(ppu_thread& ppu, u32 operation, u32 v
 					return {CELL_SAVEDATA_ERROR_PARAM, "58"};
 				}
 			}
+			else
+			{
+				if (statSet->setParam->parental_level > 11)
+				{
+					// ****** sysutil savedata parameter error : 58 ******
+					return {CELL_SAVEDATA_ERROR_PARAM, "58"};
+				}
+			}
 
 			for (u8 resv : statSet->setParam->reserved)
 			{