From 9c017e03f9a9cecb1168a93468ca22dee30f3359 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20Rydg=C3=A5rd?=
Date: Thu, 7 Oct 2021 21:08:12 +0200
Subject: [PATCH] Add some basic sanity checks to ParamSFO reader (could add more)
---
 Core/ELF/ParamSFO.cpp | 9 ++++++---
 Core/ELF/ParamSFO.h | 6 +++++-
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/Core/ELF/ParamSFO.cpp b/Core/ELF/ParamSFO.cpp
index af5a0ce812..61b55281ba 100644
--- a/Core/ELF/ParamSFO.cpp
+++ b/Core/ELF/ParamSFO.cpp
@@ -103,19 +103,22 @@ bool ParamSFOData::ReadSFO(const u8 *paramsfo, size_t size) {
 const IndexTable *indexTables = (const IndexTable *)(paramsfo + sizeof(Header));
+ if (header->key_table_start > size || header->data_table_start > size) {
+ return false;
+ }
+
 const u8 *key_start = paramsfo + header->key_table_start;
 const u8 *data_start = paramsfo + header->data_table_start;
 for (u32 i = 0; i < header->index_table_entries; i++) {
 const char *key = (const char *)(key_start + indexTables[i].key_table_offset);
-
 switch (indexTables[i].param_fmt) {
 case 0x0404: { // Unsigned int
 const u32_le *data = (const u32_le *)(data_start + indexTables[i].data_table_offset);
- SetValue(key,*data,indexTables[i].param_max_len);
+ SetValue(key, *data, indexTables[i].param_max_len);
 VERBOSE_LOG(LOADER, "%s %08x", key, *data);
 }
 break;
@@ -132,7 +135,7 @@ bool ParamSFOData::ReadSFO(const u8 *paramsfo, size_t size) {
 {
 const char *utfdata = (const char *)(data_start + indexTables[i].data_table_offset);
 VERBOSE_LOG(LOADER, "%s %s", key, utfdata);
- SetValue(key,std::string(utfdata /*, indexTables[i].param_len*/), indexTables[i].param_max_len);
+ SetValue(key, std::string(utfdata /*, indexTables[i].param_len*/), indexTables[i].param_max_len);
 }
 break;
 }
diff --git a/Core/ELF/ParamSFO.h b/Core/ELF/ParamSFO.h
index b0fee3cece..6548638ef6 100644
--- a/Core/ELF/ParamSFO.h
+++ b/Core/ELF/ParamSFO.h
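Review bot: The new guard in `ParamSFOData::ReadSFO` (Core/ELF/ParamSFO.cpp) validates only the two table start offsets, so `indexTables[i]`, `key`, `*data` and `std::string(utfdata)` (the string case in the second hunk) are still read at file-controlled positions with no bound. `index_table_entries` should be checked against the space left after the header, and each entry's `key_table_offset` / `data_table_offset` against the bytes left in its table before anything is dereferenced; `>` should also become `>=`, since a start equal to `size` leaves nothing to read. The sketch below assumes `size >= sizeof(Header)` was established earlier in the function, which begins outside this hunk, so that needs confirming. The key and the UTF-8 value additionally need a NUL terminator inside the buffer (or a length-bounded `std::string`), and the 0x0404 case needs four readable bytes at its offset.

```cpp
// … unchanged: indexTables pointer setup …
if (header->key_table_start >= size || header->data_table_start >= size) {
	return false;
}
// The whole index table must lie inside the buffer before indexTables[i] is read.
if (header->index_table_entries > (size - sizeof(Header)) / sizeof(IndexTable)) {
	return false;
}
const size_t key_avail = size - header->key_table_start;
const size_t data_avail = size - header->data_table_start;
// … unchanged: key_start / data_start …
for (u32 i = 0; i < header->index_table_entries; i++) {
	// Reject entries whose offsets point past the end of their table.
	if (indexTables[i].key_table_offset >= key_avail ||
		indexTables[i].data_table_offset >= data_avail) {
		return false;
	}
	// … unchanged: key lookup and switch on param_fmt …
```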
@@ -56,7 +56,11 @@ public:
 bool WriteSFO(u8 **paramsfo, size_t *size);
 bool ReadSFO(const std::vector ¶msfo) {
- return ReadSFO(¶msfo[0], paramsfo.size());
+ if (!paramsfo.empty()) {
+ return ReadSFO(¶msfo[0], paramsfo.size());
+ } else {
+ return false;
+ }
 }
 int GetDataOffset(const u8 *paramsfo, std::string dataName);
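Review bot: Indexing element 0 is what made the empty case undefined in the vector overload of `ReadSFO`, and the new if/else keeps that indexing while adding a branch around it. `paramsfo.data()` is valid on an empty vector, so the body reads more simply as a guard clause: `if (paramsfo.empty()) return false;` followed by `return ReadSFO(paramsfo.data(), paramsfo.size());`. A one-line comment such as `// Returns false for an empty buffer; otherwise defers to the pointer overload.` would document the contract for callers. The class body continues outside the hunk.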