mirror/rpcs3
1
0
Fork 0
mirror of https://github.com/RPCS3/rpcs3.git synced 2025-03-21 13:20:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

input: add sanity checks for buf_size

Browse Source 
also improve log spam
This commit is contained in:
Megamouse 2023-05-20 10:54:20 +02:00
parent e1744ceab2
commit 09e845a539
5 changed files with 38 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
rpcs3/Emu/Io/Buzz.cpp
View File

@ -7,12 +7,11 @@
LOG_CHANNEL(buzz_log);
usb_device_buzz::usb_device_buzz(int first_controller, int last_controller, const std::array<u8, 7>& location)
usb_device_buzz::usb_device_buzz(u32 first_controller, u32 last_controller, const std::array<u8, 7>& location)
: usb_device_emulated(location)
, m_first_controller(first_controller)
, m_last_controller(last_controller)
{
this->first_controller = first_controller;
this->last_controller = last_controller;
device = UsbDescriptorNode(USB_DESCRIPTOR_DEVICE, UsbDeviceDescriptor{0x0200, 0x00, 0x00, 0x00, 0x08, 0x054c, 0x0002, 0x05a1, 0x03, 0x01, 0x00, 0x01});
auto& config0 = device.add_node(UsbDescriptorNode(USB_DESCRIPTOR_CONFIG, UsbDeviceConfiguration{0x0022, 0x01, 0x01, 0x00, 0x80, 0x32}));
config0.add_node(UsbDescriptorNode(USB_DESCRIPTOR_INTERFACE, UsbDeviceInterface{0x00, 0x00, 0x01, 0x03, 0x00, 0x00, 0x00}));
@ -34,8 +33,7 @@ void usb_device_buzz::control_transfer(u8 bmRequestType, u8 bRequest, u16 wValue
case 0x01:
case 0x21:
case 0x80:
buzz_log.error("Unhandled Query Len: 0x%02X", buf_size);
buzz_log.error("Unhandled Query Type: 0x%02X", (buf_size > 0) ? buf[0] : -1);
buzz_log.error("Unhandled Query: buf_size=0x%02X, Type=0x%02X, bmRequestType=0x%02X", buf_size, (buf_size > 0) ? buf[0] : -1, bmRequestType);
break;
default:
usb_device_emulated::control_transfer(bmRequestType, bRequest, wValue, wIndex, wLength, buf_size, buf, transfer);
@ -47,6 +45,9 @@ extern bool is_input_allowed();
void usb_device_buzz::interrupt_transfer(u32 buf_size, u8* buf, u32 /*endpoint*/, UsbTransfer* transfer)
{
const u8 max_index = 2 + (4 + 5 * m_last_controller) / 8;
ensure(buf_size > max_index);
transfer->fake = true;
transfer->expected_count = 5;
transfer->expected_result = HC_CC_NOERR;
@ -70,17 +71,18 @@ void usb_device_buzz::interrupt_transfer(u32 buf_size, u8* buf, u32 /*endpoint*/
std::lock_guard lock(pad::g_pad_mutex);
const auto handler = pad::get_current_handler();
const auto& pads = handler->GetPads();
ensure(pads.size() > m_last_controller);
for (int index = 0; index <= (last_controller - first_controller); index++)
for (u32 i = m_first_controller, index = 0; i <= m_last_controller; i++, index++)
{
const auto& pad = pads[first_controller + index];
const auto& pad = pads[i];
if (!(pad->m_port_status & CELL_PAD_STATUS_CONNECTED))
{
continue;
}
for (Button& button : pad->m_buttons)
for (const Button& button : pad->m_buttons)
{
if (!button.m_pressed)
{

9
rpcs3/Emu/Io/Buzz.h
View File

@ -4,13 +4,14 @@
class usb_device_buzz : public usb_device_emulated
{
int first_controller;
int last_controller;
public:
usb_device_buzz(int first_controller, int last_controller, const std::array<u8, 7>& location);
usb_device_buzz(u32 first_controller, u32 last_controller, const std::array<u8, 7>& location);
~usb_device_buzz();
void control_transfer(u8 bmRequestType, u8 bRequest, u16 wValue, u16 wIndex, u16 wLength, u32 buf_size, u8* buf, UsbTransfer* transfer) override;
void interrupt_transfer(u32 buf_size, u8* buf, u32 endpoint, UsbTransfer* transfer) override;
private:
u32 m_first_controller;
u32 m_last_controller;
};

14
rpcs3/Emu/Io/GHLtar.cpp
View File

@ -32,12 +32,12 @@ void usb_device_ghltar::control_transfer(u8 bmRequestType, u8 bRequest, u16 wVal
case 0x21:
switch (bRequest)
{
case 0x09:
// Do nothing here - not sure what it should do.
break;
default:
ghltar_log.error("Unhandled Query Type: 0x%02X", buf[0]);
break;
case 0x09:
// Do nothing here - not sure what it should do.
break;
default:
ghltar_log.error("Unhandled Query: buf_size=0x%02X, Type=0x%02X, bRequest=0x%02X, bmRequestType=0x%02X", buf_size, (buf_size > 0) ? buf[0] : -1, bRequest, bmRequestType);
break;
}
break;
default:
@ -50,6 +50,8 @@ extern bool is_input_allowed();
void usb_device_ghltar::interrupt_transfer(u32 buf_size, u8* buf, u32 /*endpoint*/, UsbTransfer* transfer)
{
ensure(buf_size >= 27);
transfer->fake = true;
transfer->expected_count = buf_size;
transfer->expected_result = HC_CC_NOERR;

10
rpcs3/Emu/Io/Skylander.cpp
View File

@ -159,11 +159,11 @@ u8 sky_portal::load_skylander(u8* buf, fs::file in_file)
{
std::lock_guard lock(sky_mutex);
u32 sky_serial = read_from_ptr<le_t<u32>>(buf);
const u32 sky_serial = read_from_ptr<le_t<u32>>(buf);
u8 found_slot = 0xFF;
// mimics spot retaining on the portal
for (auto i = 0; i < 8; i++)
for (u8 i = 0; i < 8; i++)
{
if ((skylanders[i].status & 1) == 0)
{
@ -182,7 +182,7 @@ u8 sky_portal::load_skylander(u8* buf, fs::file in_file)
ensure(found_slot != 0xFF);
auto& thesky = skylanders[found_slot];
skylander& thesky = skylanders[found_slot];
memcpy(thesky.data.data(), buf, thesky.data.size());
thesky.sky_file = std::move(in_file);
thesky.status = 3;
@ -321,7 +321,9 @@ void usb_device_skylander::control_transfer(u8 bmRequestType, u8 bRequest, u16 w
q_queries.push(q_result);
break;
}
default: skylander_log.error("Unhandled Query Type: 0x%02X", buf[0]); break;
default:
skylander_log.error("Unhandled Query: buf_size=0x%02X, Type=0x%02X, bRequest=0x%02X, bmRequestType=0x%02X", buf_size, (buf_size > 0) ? buf[0] : -1, bRequest, bmRequestType);
break;
}
break;
}

14
rpcs3/Emu/Io/Turntable.cpp
View File

@ -32,12 +32,12 @@ void usb_device_turntable::control_transfer(u8 bmRequestType, u8 bRequest, u16 w
case 0x21:
switch (bRequest)
{
case 0x09:
// Do nothing here - not sure what it should do.
break;
default:
turntable_log.error("Unhandled Query Type: 0x%02X", buf[0]);
break;
case 0x09:
// Do nothing here - not sure what it should do.
break;
default:
turntable_log.error("Unhandled Query: buf_size=0x%02X, Type=0x%02X, bRequest=0x%02X, bmRequestType=0x%02X", buf_size, (buf_size > 0) ? buf[0] : -1, bRequest, bmRequestType);
break;
}
break;
default:
@ -48,6 +48,8 @@ void usb_device_turntable::control_transfer(u8 bmRequestType, u8 bRequest, u16 w
void usb_device_turntable::interrupt_transfer(u32 buf_size, u8* buf, u32 /*endpoint*/, UsbTransfer* transfer)
{
ensure(buf_size >= 27);
transfer->fake = true;
transfer->expected_count = buf_size;
transfer->expected_result = HC_CC_NOERR;