CCF_100/suyu-mirror
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/suyu synced 2025-11-03 16:39:01 -06:00
Code Issues Releases Wiki Activity

nvhost_gpu: Added checks to ensure we don't read past the end of the entries when handling a GPU command list.

Browse Source
This commit is contained in:
Subv
2018-07-30 20:09:13 -05:00
parent 2482aca7c3
commit e119e17d18
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/core/hle/service/nvdrv/devices/nvhost_gpu.cpp
View File

@@ -132,9 +132,12 @@ u32 nvhost_gpu::SubmitGPFIFO(const std::vector<u8>& input, std::vector<u8>& outp
LOG_WARNING(Service_NVDRV, "(STUBBED) called, gpfifo={:X}, num_entries={:X}, flags={:X}",
params.address, params.num_entries, params.flags);
auto entries = std::vector<IoctlGpfifoEntry>();
entries.resize(params.num_entries);
std::memcpy(&entries[0], &input.data()[sizeof(IoctlSubmitGpfifo)],
ASSERT_MSG(input.size() ==
sizeof(IoctlSubmitGpfifo) + params.num_entries * sizeof(IoctlGpfifoEntry),
"Incorrect input size");
std::vector<IoctlGpfifoEntry> entries(params.num_entries);
std::memcpy(entries.data(), &input[sizeof(IoctlSubmitGpfifo)],
params.num_entries * sizeof(IoctlGpfifoEntry));
for (auto entry : entries) {
Tegra::GPUVAddr va_addr = entry.Address();