franklinblanco
/
yuzu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nvhost_gpu: Added checks to ensure we don't read past the end of the entries when handling a GPU command list.

This commit is contained in:
Subv 2018-07-30 20:09:13 -05:00
parent 2482aca7c3
commit e119e17d18
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/core/hle/service/nvdrv/devices/nvhost_gpu.cpp
View File

@ -132,9 +132,12 @@ u32 nvhost_gpu::SubmitGPFIFO(const std::vector<u8>& input, std::vector<u8>& outp
LOG_WARNING(Service_NVDRV, "(STUBBED) called, gpfifo={:X}, num_entries={:X}, flags={:X}", LOG_WARNING(Service_NVDRV, "(STUBBED) called, gpfifo={:X}, num_entries={:X}, flags={:X}",
params.address, params.num_entries, params.flags); params.address, params.num_entries, params.flags);
auto entries = std::vector<IoctlGpfifoEntry>(); ASSERT_MSG(input.size() ==
entries.resize(params.num_entries); sizeof(IoctlSubmitGpfifo) + params.num_entries * sizeof(IoctlGpfifoEntry),
std::memcpy(&entries[0], &input.data()[sizeof(IoctlSubmitGpfifo)], "Incorrect input size");
std::vector<IoctlGpfifoEntry> entries(params.num_entries);
std::memcpy(entries.data(), &input[sizeof(IoctlSubmitGpfifo)],
params.num_entries * sizeof(IoctlGpfifoEntry)); params.num_entries * sizeof(IoctlGpfifoEntry));
for (auto entry : entries) { for (auto entry : entries) {
Tegra::GPUVAddr va_addr = entry.Address(); Tegra::GPUVAddr va_addr = entry.Address();