mirror of
https://github.com/dolphin-emu/dolphin.git
synced 2025-04-24 22:34:54 +00:00
Merge pull request #10954 from shuffle2/ios-hdr-overflow
WiiSave: protect against a stack buffer overflow
This commit is contained in:
commit
92ed0e33a8
1 changed files with 9 additions and 2 deletions
|
@ -104,14 +104,21 @@ public:
|
||||||
if (!m_uid || !m_gid)
|
if (!m_uid || !m_gid)
|
||||||
return {};
|
return {};
|
||||||
|
|
||||||
const auto banner = m_fs->OpenFile(*m_uid, *m_gid, m_data_dir + "/banner.bin", FS::Mode::Read);
|
const auto banner_path = m_data_dir + "/banner.bin";
|
||||||
|
const auto banner = m_fs->OpenFile(*m_uid, *m_gid, banner_path, FS::Mode::Read);
|
||||||
if (!banner)
|
if (!banner)
|
||||||
return {};
|
return {};
|
||||||
Header header{};
|
Header header{};
|
||||||
header.banner_size = banner->GetStatus()->size;
|
header.banner_size = banner->GetStatus()->size;
|
||||||
|
if (header.banner_size > sizeof(header.banner))
|
||||||
|
{
|
||||||
|
ERROR_LOG_FMT(CORE, "NandStorage::ReadHeader: {} corrupted banner_size: {:x}", banner_path,
|
||||||
|
header.banner_size);
|
||||||
|
return {};
|
||||||
|
}
|
||||||
header.tid = m_tid;
|
header.tid = m_tid;
|
||||||
header.md5 = s_md5_blanker;
|
header.md5 = s_md5_blanker;
|
||||||
const u8 mode = GetBinMode(m_data_dir + "/banner.bin");
|
const u8 mode = GetBinMode(banner_path);
|
||||||
if (!mode || !banner->Read(header.banner, header.banner_size))
|
if (!mode || !banner->Read(header.banner, header.banner_size))
|
||||||
return {};
|
return {};
|
||||||
header.permissions = mode;
|
header.permissions = mode;
|
||||||
|
|
Loading…
Add table
Reference in a new issue