From b07b5c9005fd60686a80f042645e1652bf68af6d Mon Sep 17 00:00:00 2001
From: Eladash
Date: Sat, 18 Jan 2020 16:01:02 +0200
Subject: [PATCH] Fix sys_spu_thread_initialize for attr->name_len is 0 and attr->name is not null

If name_len is 0 name is empty, in any other case name is not empty (attr->name == nullptr isn't allowed in this case). Check name_len and option for invalid values as fw.
---
 rpcs3/Emu/Cell/lv2/sys_spu.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/rpcs3/Emu/Cell/lv2/sys_spu.cpp b/rpcs3/Emu/Cell/lv2/sys_spu.cpp
index adb3bc47cc..692d17fea1 100644
--- a/rpcs3/Emu/Cell/lv2/sys_spu.cpp
+++ b/rpcs3/Emu/Cell/lv2/sys_spu.cpp
@@ -267,8 +267,13 @@ error_code sys_spu_thread_initialize(ppu_thread& ppu, vm::ptr thread, u32 g
 	sys_spu.warning("sys_spu_thread_initialize(thread=*0x%x, group=0x%x, spu_num=%d, img=*0x%x, attr=*0x%x, arg=*0x%x)", thread, group_id, spu_num, img, attr, arg);
+	if (attr->name_len > 0x80 || attr->option & ~(SYS_SPU_THREAD_OPTION_DEC_SYNC_TB_ENABLE | SYS_SPU_THREAD_OPTION_ASYNC_INTR_ENABLE))
+	{
+		return CELL_EINVAL;
+	}
+
 	// Read thread name
-	const std::string thread_name(attr->name.get_ptr(), attr->name ? attr->name_len - 1 : 0);
+	const std::string thread_name(attr->name.get_ptr(), std::max(attr->name_len, 1) - 1);
 	const auto group = idm::get(group_id);