core: reduce TOCTTOU memory access

This commit is contained in:
Liam 2023-07-14 22:32:24 -04:00
parent d144168442
commit 9f3f615e05
3 changed files with 11 additions and 20 deletions

View File

@ -261,10 +261,8 @@ void GDBStub::ExecuteCommand(std::string_view packet, std::vector<DebuggerAction
const size_t addr{static_cast<size_t>(strtoll(command.data(), nullptr, 16))}; const size_t addr{static_cast<size_t>(strtoll(command.data(), nullptr, 16))};
const size_t size{static_cast<size_t>(strtoll(command.data() + sep, nullptr, 16))}; const size_t size{static_cast<size_t>(strtoll(command.data() + sep, nullptr, 16))};
if (system.ApplicationMemory().IsValidVirtualAddressRange(addr, size)) {
std::vector<u8> mem(size); std::vector<u8> mem(size);
system.ApplicationMemory().ReadBlock(addr, mem.data(), size); if (system.ApplicationMemory().ReadBlock(addr, mem.data(), size)) {
SendReply(Common::HexToString(mem)); SendReply(Common::HexToString(mem));
} else { } else {
SendReply(GDB_STUB_REPLY_ERR); SendReply(GDB_STUB_REPLY_ERR);
@ -281,8 +279,7 @@ void GDBStub::ExecuteCommand(std::string_view packet, std::vector<DebuggerAction
const auto mem_substr{std::string_view(command).substr(mem_sep)}; const auto mem_substr{std::string_view(command).substr(mem_sep)};
const auto mem{Common::HexStringToVector(mem_substr, false)}; const auto mem{Common::HexStringToVector(mem_substr, false)};
if (system.ApplicationMemory().IsValidVirtualAddressRange(addr, size)) { if (system.ApplicationMemory().WriteBlock(addr, mem.data(), size)) {
system.ApplicationMemory().WriteBlock(addr, mem.data(), size);
system.InvalidateCpuInstructionCacheRange(addr, size); system.InvalidateCpuInstructionCacheRange(addr, size);
SendReply(GDB_STUB_REPLY_OK); SendReply(GDB_STUB_REPLY_OK);
} else { } else {

View File

@ -8,6 +8,7 @@
#include "core/hle/kernel/k_process.h" #include "core/hle/kernel/k_process.h"
#include "core/hle/kernel/k_server_session.h" #include "core/hle/kernel/k_server_session.h"
#include "core/hle/kernel/svc.h" #include "core/hle/kernel/svc.h"
#include "core/hle/kernel/svc_results.h"
namespace Kernel::Svc { namespace Kernel::Svc {
@ -49,14 +50,10 @@ Result ReplyAndReceive(Core::System& system, s32* out_index, uint64_t handles_ad
// Copy user handles. // Copy user handles.
if (num_handles > 0) { if (num_handles > 0) {
// Ensure we can try to get the handles.
R_UNLESS(GetCurrentMemory(kernel).IsValidVirtualAddressRange(
handles_addr, static_cast<u64>(sizeof(Handle) * num_handles)),
ResultInvalidPointer);
// Get the handles. // Get the handles.
GetCurrentMemory(kernel).ReadBlock(handles_addr, handles.data(), R_UNLESS(GetCurrentMemory(kernel).ReadBlock(handles_addr, handles.data(),
sizeof(Handle) * num_handles); sizeof(Handle) * num_handles),
ResultInvalidPointer);
// Convert the handles to objects. // Convert the handles to objects.
R_UNLESS(handle_table.GetMultipleObjects<KSynchronizationObject>( R_UNLESS(handle_table.GetMultipleObjects<KSynchronizationObject>(

View File

@ -7,6 +7,7 @@
#include "core/hle/kernel/k_process.h" #include "core/hle/kernel/k_process.h"
#include "core/hle/kernel/k_readable_event.h" #include "core/hle/kernel/k_readable_event.h"
#include "core/hle/kernel/svc.h" #include "core/hle/kernel/svc.h"
#include "core/hle/kernel/svc_results.h"
namespace Kernel::Svc { namespace Kernel::Svc {
@ -64,14 +65,10 @@ Result WaitSynchronization(Core::System& system, int32_t* out_index, u64 user_ha
// Copy user handles. // Copy user handles.
if (num_handles > 0) { if (num_handles > 0) {
// Ensure we can try to get the handles.
R_UNLESS(GetCurrentMemory(kernel).IsValidVirtualAddressRange(
user_handles, static_cast<u64>(sizeof(Handle) * num_handles)),
ResultInvalidPointer);
// Get the handles. // Get the handles.
GetCurrentMemory(kernel).ReadBlock(user_handles, handles.data(), R_UNLESS(GetCurrentMemory(kernel).ReadBlock(user_handles, handles.data(),
sizeof(Handle) * num_handles); sizeof(Handle) * num_handles),
ResultInvalidPointer);
// Convert the handles to objects. // Convert the handles to objects.
R_UNLESS(handle_table.GetMultipleObjects<KSynchronizationObject>( R_UNLESS(handle_table.GetMultipleObjects<KSynchronizationObject>(