Sanity check string lengths in save state code

Henrik Rydgård 2021-10-07 21:08:46 +02:00
parent 9c017e03f9
commit 36ada6308d


@ -106,10 +106,19 @@ void PointerWrap::DoVoid(void *data, int size) {
(*ptr) += size;
}
// Not exactly sane but might catch some corrupt files.
const int MAX_SANE_STRING_LENGTH = 1024 * 1024;
void Do(PointerWrap &p, std::string &x) {
int stringLen = (int)x.length() + 1;
Do(p, stringLen);
if (stringLen < 0 || stringLen > MAX_SANE_STRING_LENGTH) {
WARN_LOG(SAVESTATE, "Savestate failure: bad stringLen %d", stringLen);
p.SetError(PointerWrap::ERROR_FAILURE);
return;
}
switch (p.mode) {
case PointerWrap::MODE_READ: x = (char*)*p.ptr; break;
case PointerWrap::MODE_WRITE: memcpy(*p.ptr, x.c_str(), stringLen); break;
@ -123,6 +132,12 @@ void Do(PointerWrap &p, std::wstring &x) {
int stringLen = sizeof(wchar_t) * ((int)x.length() + 1);
Do(p, stringLen);
if (stringLen < 0 || stringLen > MAX_SANE_STRING_LENGTH) {
WARN_LOG(SAVESTATE, "Savestate failure: bad stringLen %d", stringLen);
p.SetError(PointerWrap::ERROR_FAILURE);
return;
}
auto read = [&]() {
std::wstring r;
// In case unaligned, use memcpy.
@ -144,6 +159,12 @@ void Do(PointerWrap &p, std::u16string &x) {
int stringLen = sizeof(char16_t) * ((int)x.length() + 1);
Do(p, stringLen);
if (stringLen < 0 || stringLen > MAX_SANE_STRING_LENGTH) {
WARN_LOG(SAVESTATE, "Savestate failure: bad stringLen %d", stringLen);
p.SetError(PointerWrap::ERROR_FAILURE);
return;
}
auto read = [&]() {
std::u16string r;
// In case unaligned, use memcpy.
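Review bot: In the `std::string` overload the new range check does not constrain the read itself: `case PointerWrap::MODE_READ: x = (char*)*p.ptr;` still scans for a NUL and never consults `stringLen`, so a corrupt state with a plausible length but no terminator can still read past the string data. The check also accepts `stringLen == 0` (and, in the `std::wstring` and `std::u16string` overloads, values that are not a multiple of the character size), although a valid length always includes the terminator. I would tighten the guard to `if (stringLen < 1 || stringLen > MAX_SANE_STRING_LENGTH)` and bound the copy with `x.assign((const char *)*p.ptr, stringLen - 1);`. If `PointerWrap` tracks the end of its buffer, which is not visible in this diff, `stringLen` should also be compared against the bytes remaining. The `switch` and both `read` lambdas continue outside the hunks, so the wide-string read paths need the same look.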