daniel/yuzu-android
1
0
Fork 0
mirror of https://github.com/yuzu-emu/yuzu-android synced 2025-08-08 08:52:33 -07:00
Code Issues Actions Packages Projects Releases Wiki Activity

web_browser: Add bounds checking to applet interface

Browse Source
This commit is contained in:
Zach Hilman
2018-12-28 18:20:29 -05:00
parent ef4c4e239d
commit cb930c4b5a
10 changed files with 160 additions and 146 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/core/hle/service/am/applets/web_browser.cpp
View File

@@ -49,17 +49,20 @@ static_assert(sizeof(WebArgumentResult) == 0x1010, "WebArgumentResult has incorr
static std::vector<u8> GetArgumentDataForTagType(const std::vector<u8>& data, u16 type) {
WebBufferHeader header;
ASSERT(sizeof(WebBufferHeader) <= data.size());
std::memcpy(&header, data.data(), sizeof(WebBufferHeader));
u64 offset = sizeof(WebBufferHeader);
for (u16 i = 0; i < header.count; ++i) {
WebArgumentHeader arg;
ASSERT(offset + sizeof(WebArgumentHeader) <= data.size());
std::memcpy(&arg, data.data() + offset, sizeof(WebArgumentHeader));
offset += sizeof(WebArgumentHeader);
if (arg.type == type) {
std::vector<u8> out(arg.size);
offset += arg.offset;
ASSERT(offset + arg.size <= data.size());
std::memcpy(out.data(), data.data() + offset, out.size());
return out;
}
@@ -91,19 +94,17 @@ WebBrowser::WebBrowser() = default;
WebBrowser::~WebBrowser() = default;
void WebBrowser::Initialize() {
Applet::Initialize();
complete = false;
temporary_dir.clear();
filename.clear();
status = RESULT_SUCCESS;
Applet::Initialize();
const auto web_arg_storage = broker.PopNormalDataToApplet();
ASSERT(web_arg_storage != nullptr);
const auto& web_arg = web_arg_storage->GetData();
LOG_CRITICAL(Service_AM, "{}", Common::HexVectorToString(web_arg));
const auto url_data = GetArgumentDataForTagType(web_arg, WEB_ARGUMENT_URL_TYPE);
filename = Common::StringFromFixedZeroTerminatedBuffer(
reinterpret_cast<const char*>(url_data.data()), url_data.size());
@@ -133,7 +134,7 @@ ResultCode WebBrowser::GetStatus() const {
}
void WebBrowser::ExecuteInteractive() {
UNIMPLEMENTED_MSG(Service_AM, "Unexpected interactive data recieved!");
UNIMPLEMENTED_MSG("Unexpected interactive data recieved!");
}
void WebBrowser::Execute() {
@@ -147,8 +148,7 @@ void WebBrowser::Execute() {
const auto& frontend{Core::System::GetInstance().GetWebBrowser()};
frontend.OpenPage(
filename, [this] { UnpackRomFS(); }, [this] { Finalize(); });
frontend.OpenPage(filename, [this] { UnpackRomFS(); }, [this] { Finalize(); });
}
void WebBrowser::UnpackRomFS() {