From 9d0dd4c7cfc0ea791bed98e90b2341f0c77da50a Mon Sep 17 00:00:00 2001 From: Lioncash Date: Wed, 2 Apr 2014 21:37:45 -0400 Subject: [PATCH] Add a parameter check to some Gif/Jpg/Png decoding syscalls --- rpcs3/Emu/SysCalls/Modules/cellGifDec.cpp | 11 +++++++++++ rpcs3/Emu/SysCalls/Modules/cellJpgDec.cpp | 13 +++++++++++++ rpcs3/Emu/SysCalls/Modules/cellPngDec.cpp | 12 ++++++++++++ 3 files changed, 36 insertions(+) diff --git a/rpcs3/Emu/SysCalls/Modules/cellGifDec.cpp b/rpcs3/Emu/SysCalls/Modules/cellGifDec.cpp index b86104187c..ec8d9c6d41 100644 --- a/rpcs3/Emu/SysCalls/Modules/cellGifDec.cpp +++ b/rpcs3/Emu/SysCalls/Modules/cellGifDec.cpp @@ -23,6 +23,8 @@ int cellGifDecExtCreate(u32 mainHandle, u32 threadInParam, u32 threadOutParam, u int cellGifDecOpen(u32 mainHandle, mem32_t subHandle, const mem_ptr_t src, mem_ptr_t openInfo) { + if (!subHandle.IsGood() || !src.IsGood()) + return CELL_GIFDEC_ERROR_ARG; /* vfsStream* stream; @@ -73,6 +75,9 @@ int cellGifDecOpen(u32 mainHandle, mem32_t subHandle, const mem_ptr_t info) { + if (!info.IsGood()) + return CELL_GIFDEC_ERROR_ARG; + CellGifDecSubHandle* subHandle_data; if(!cellGifDec.CheckId(subHandle, subHandle_data)) return CELL_GIFDEC_ERROR_FATAL; @@ -111,6 +116,9 @@ int cellGifDecReadHeader(u32 mainHandle, u32 subHandle, mem_ptr_t inParam, mem_ptr_t outParam) { + if (!inParam.IsGood() || !outParam.IsGood()) + return CELL_GIFDEC_ERROR_ARG; + CellGifDecSubHandle* subHandle_data; if(!cellGifDec.CheckId(subHandle, subHandle_data)) return CELL_GIFDEC_ERROR_FATAL; @@ -138,6 +146,9 @@ int cellGifDecSetParameter(u32 mainHandle, u32 subHandle, const mem_ptr_t dataCtrlParam, mem_ptr_t dataOutInfo) { + if (!data.IsGood() || !dataCtrlParam.IsGood() || !dataOutInfo.IsGood()) + return CELL_GIFDEC_ERROR_ARG; + dataOutInfo->status = CELL_GIFDEC_DEC_STATUS_STOP; CellGifDecSubHandle* subHandle_data; diff --git a/rpcs3/Emu/SysCalls/Modules/cellJpgDec.cpp b/rpcs3/Emu/SysCalls/Modules/cellJpgDec.cpp index 45e3ac79fb..7bd25271c9 100644 
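Review bot: cellGifDecOpen's new guard covers `subHandle` and `src` but not `openInfo`, which the signature in this hunk also shows as a `mem_ptr_t`; cellJpgDecOpen in the same commit does test `openInfo.IsGood()`. The body that follows appears to be commented out (the next context line is `/*`), so nothing may dereference it today, but the guard should match before that code is re-enabled: `if (!subHandle.IsGood() || !src.IsGood() || !openInfo.IsGood())`. If a null `openInfo` is legal for this call, a short comment saying so would explain the difference. The function body continues outside the hunk.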
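Review bot: In cellGifDecDecodeData the `data.IsGood()` test can only vouch for the destination pointer itself, not for the number of bytes the decoder later writes through it (assuming IsGood() validates a single address; its definition is not on this page). A guest-supplied buffer that is valid but too small would still pass this guard, so the output length needs to be bounded against guest memory once the image dimensions are known, in the part of the body outside this hunk. At minimum, record the limit above the guard: `// NOTE: IsGood() checks the address only; the decoded size still has to be bounded before writing to data`. The same applies to the cellJpgDecDecodeData and cellPngDecDecodeData hunks.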
--- a/rpcs3/Emu/SysCalls/Modules/cellJpgDec.cpp +++ b/rpcs3/Emu/SysCalls/Modules/cellJpgDec.cpp @@ -30,6 +30,9 @@ int cellJpgDecOpen(u32 mainHandle, mem32_t subHandle, mem_ptr_t s cellJpgDec.Warning("cellJpgDecOpen(mainHandle=0x%x, subHandle=0x%x, src_addr=0x%x, openInfo=0x%x)", mainHandle, subHandle.GetAddr(), src.GetAddr(), openInfo); + if (!subHandle.IsGood() || !src.IsGood() || !openInfo.IsGood()) + return CELL_JPGDEC_ERROR_ARG; + CellJpgDecSubHandle *current_subHandle = new CellJpgDecSubHandle; // Get file descriptor @@ -65,6 +68,10 @@ int cellJpgDecClose(u32 mainHandle, u32 subHandle) int cellJpgDecReadHeader(u32 mainHandle, u32 subHandle, mem_ptr_t info) { cellJpgDec.Log("cellJpgDecReadHeader(mainHandle=0x%x, subHandle=0x%x, info_addr=0x%llx)", mainHandle, subHandle, info.GetAddr()); + + if (!info.IsGood()) + return CELL_JPGDEC_ERROR_ARG; + CellJpgDecSubHandle* subHandle_data; if(!cellJpgDec.CheckId(subHandle, subHandle_data)) return CELL_JPGDEC_ERROR_FATAL; @@ -121,6 +128,9 @@ int cellJpgDecReadHeader(u32 mainHandle, u32 subHandle, mem_ptr_t dataCtrlParam, mem_ptr_t dataOutInfo) { + if (!data.IsGood() || !dataCtrlParam.IsGood() || !dataOutInfo.IsGood()) + return CELL_JPGDEC_ERROR_ARG; + dataOutInfo->status = CELL_JPGDEC_DEC_STATUS_STOP; CellJpgDecSubHandle* subHandle_data; if(!cellJpgDec.CheckId(subHandle, subHandle_data)) @@ -185,6 +195,9 @@ int cellJpgDecDecodeData(u32 mainHandle, u32 subHandle, mem8_ptr_t data, const m int cellJpgDecSetParameter(u32 mainHandle, u32 subHandle, const mem_ptr_t inParam, mem_ptr_t outParam) { + if (!inParam.IsGood() || !outParam.IsGood()) + return CELL_JPGDEC_ERROR_ARG; + CellJpgDecSubHandle* subHandle_data; if(!cellJpgDec.CheckId(subHandle, subHandle_data)) return CELL_JPGDEC_ERROR_FATAL; diff --git a/rpcs3/Emu/SysCalls/Modules/cellPngDec.cpp b/rpcs3/Emu/SysCalls/Modules/cellPngDec.cpp index fb431e1fd2..f2d925218c 100644 --- a/rpcs3/Emu/SysCalls/Modules/cellPngDec.cpp +++ b/rpcs3/Emu/SysCalls/Modules/cellPngDec.cpp 
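Review bot: The pointer checks added to cellJpgDecReadHeader, cellJpgDecDecodeData and cellJpgDecSetParameter run before `CheckId(subHandle, subHandle_data)`, so a call with both a stale handle and a bad pointer now returns CELL_JPGDEC_ERROR_ARG rather than CELL_JPGDEC_ERROR_FATAL. Whether that is the precedence callers expect is not visible on this page. A one-line comment above each guard, such as `// argument validation is reported before the handle lookup`, would record the intent. The GIF and PNG hunks use the same order.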
@@ -24,6 +24,9 @@ int cellPngDecOpen(u32 mainHandle, mem32_t subHandle, mem_ptr_t s cellPngDec.Warning("cellPngDecOpen(mainHandle=0x%x, subHandle=0x%x, src_addr=0x%x, openInfo=0x%x)", mainHandle, subHandle.GetAddr(), src.GetAddr(), openInfo); + if (!subHandle.IsGood() || !src.IsGood()) + return CELL_PNGDEC_ERROR_ARG; + CellPngDecSubHandle *current_subHandle = new CellPngDecSubHandle; current_subHandle->fd = NULL; @@ -72,6 +75,9 @@ int cellPngDecClose(u32 mainHandle, u32 subHandle) int cellPngDecReadHeader(u32 mainHandle, u32 subHandle, mem_ptr_t info) { + if (!info.IsGood()) + return CELL_PNGDEC_ERROR_ARG; + cellPngDec.Warning("cellPngDecReadHeader(mainHandle=0x%x, subHandle=0x%x, info_addr=0x%llx)", mainHandle, subHandle, info.GetAddr()); CellPngDecSubHandle* subHandle_data; if(!cellPngDec.CheckId(subHandle, subHandle_data)) @@ -129,6 +135,9 @@ int cellPngDecReadHeader(u32 mainHandle, u32 subHandle, mem_ptr_t dataCtrlParam, mem_ptr_t dataOutInfo) { + if (!data.IsGood() || !dataCtrlParam.IsGood() || !dataOutInfo.IsGood()) + return CELL_PNGDEC_ERROR_ARG; + dataOutInfo->status = CELL_PNGDEC_DEC_STATUS_STOP; CellPngDecSubHandle* subHandle_data; if(!cellPngDec.CheckId(subHandle, subHandle_data)) @@ -234,6 +243,9 @@ int cellPngDecDecodeData(u32 mainHandle, u32 subHandle, mem8_ptr_t data, const m int cellPngDecSetParameter(u32 mainHandle, u32 subHandle, const mem_ptr_t inParam, mem_ptr_t outParam) { + if (!inParam.IsGood() || !outParam.IsGood()) + return CELL_PNGDEC_ERROR_ARG; + CellPngDecSubHandle* subHandle_data; if(!cellPngDec.CheckId(subHandle, subHandle_data)) return CELL_PNGDEC_ERROR_FATAL;
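Review bot: In cellPngDecReadHeader the guard sits above the `cellPngDec.Warning(...)` trace, so a call rejected with CELL_PNGDEC_ERROR_ARG leaves no log entry, whereas cellJpgDecReadHeader in this commit logs first and validates afterwards. Moving the two added lines below the Warning call keeps rejected calls visible when diagnosing a misbehaving title. The trace only passes `info.GetAddr()`, which presumably reads the address without dereferencing it, so logging before the check should be safe. The function body continues outside the hunk.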