summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMorph <39850852+Morph1984@users.noreply.github.com>2021-02-07 22:20:47 +0800
committerGitHub <noreply@github.com>2021-02-07 22:20:47 +0800
commit458be11f9396e85df4a49fc8e0d610004d107104 (patch)
tree54e536198009a6a3c760783b06abd9df19a25de5
parent4a01812ebe3eb7fa593105cf596690731c70a1a9 (diff)
parent32d9a83f8e80ef34f79123d6cddeeb3e6454be80 (diff)
Merge pull request #5878 from aleasto/master
pl_u: Fix read out of bounds
Diffstat
-rw-r--r--src/core/hle/service/ns/pl_u.cpp9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/core/hle/service/ns/pl_u.cpp b/src/core/hle/service/ns/pl_u.cpp
index 71c7587db..b6ac0a81a 100644
--- a/src/core/hle/service/ns/pl_u.cpp
+++ b/src/core/hle/service/ns/pl_u.cpp
@@ -65,13 +65,18 @@ static void DecryptSharedFont(const std::vector<u32>& input, Kernel::PhysicalMem
void DecryptSharedFontToTTF(const std::vector<u32>& input, std::vector<u8>& output) {
ASSERT_MSG(input[0] == EXPECTED_MAGIC, "Failed to derive key, unexpected magic number");
+ if (input.size() < 2) {
+ LOG_ERROR(Service_NS, "Input font is empty");
+ return;
+ }
+
const u32 KEY = input[0] ^ EXPECTED_RESULT; // Derive key using an inverse xor
std::vector<u32> transformed_font(input.size());
// TODO(ogniK): Figure out a better way to do this
std::transform(input.begin(), input.end(), transformed_font.begin(),
[&KEY](u32 font_data) { return Common::swap32(font_data ^ KEY); });
- transformed_font[1] = Common::swap32(transformed_font[1]) ^ KEY; // "re-encrypt" the size
- std::memcpy(output.data(), transformed_font.data() + 2, transformed_font.size() * sizeof(u32));
+ std::memcpy(output.data(), transformed_font.data() + 2,
+ (transformed_font.size() - 2) * sizeof(u32));
}
void EncryptSharedFont(const std::vector<u32>& input, std::vector<u8>& output,
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-30 22:03:49 +0000