Emulator Issues #13506

closed

Emulated software can cause out-of-bounds reads and writes from/to Dolphin internal data structures by reading from/writing to SRAM.

Added by ElectrifiedStrawberry 9 months ago. Updated 9 months ago.

Status:
Fixed
Priority:
High
Assignee:
-
% Done:
0%

Operating system:
N/A
Issue type:
Bug
Milestone:
Regression:
No
Relates to usability:
No
Relates to performance:
No
Easy:
No
Relates to maintainability:
No
Regression start:
Fixed in:
5.0-21264

Description

Game Name/ID/MD5 Hash?

N/A.

What's the problem? Describe what went wrong.

An out-of-bounds read/write (overwriting part of the Impl data structure) can cause at least a crash in Dolphin from emulated software.

What steps will reproduce the problem?

Attempt to write more than 0x68 bytes to SRAM. Data structures in Dolphin will be clobbered because bounds checking isn't performed.

Is the issue present in the latest development version? For future reference, please also write down the version number of the latest development version.

Yes. 3342. I think?

Is the issue present in the latest stable version?

Almost certainly? It looks like the issue is probably years old.

What are your PC specifications? (CPU, GPU, Operating System, more)

Windows 10, although it doesn't seem to be specific to any operating system.

Is there anything else that can help developers narrow down the issue? (e.g. logs, screenshots, configuration files, savefiles, savestates)

The check @ EXI_DeviceIPL.cpp (L349) is not enough; the IN_RANGE macro is only updated when the command changes.
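As an added illustration of the defect class described above (a hypothetical model, not Dolphin's code and not the fix in the linked PR), a simplified SRAM write path: the device keeps a cursor that advances on every data byte, so a bounds check done only when the start address is selected lets a transfer run past the 0x68-byte buffer into whatever lives next to it. Checking on every byte closes that gap; the names SramDevice, SelectAddress, WriteByte and WriteBlock are assumptions.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>

// Hypothetical model (not Dolphin's code). SRAM is 0x68 bytes on the page.
constexpr std::size_t kSramSize = 0x68;

struct SramDevice
{
  std::array<std::uint8_t, kSramSize> sram{};
  std::size_t cursor = 0;   // next byte to write; advances per data byte
  std::size_t dropped = 0;  // bytes refused by the per-byte bounds check
};

// Select the start address (the "command" part of a transfer).
// A check only here is the insufficient one: a valid start can still
// advance past the end during the data phase.
bool SelectAddress(SramDevice& dev, std::size_t start)
{
  dev.cursor = start;
  return start < kSramSize;
}

// Write one data byte at the cursor. The check runs on every byte, so
// the cursor can never index outside the backing array.
bool WriteByte(SramDevice& dev, std::uint8_t value)
{
  if (dev.cursor >= kSramSize)
  {
    ++dev.dropped;  // refuse instead of clobbering neighbouring memory
    return false;
  }
  dev.sram[dev.cursor++] = value;
  return true;
}

// Write `len` bytes starting at `start`; returns how many actually landed.
std::size_t WriteBlock(SramDevice& dev, std::size_t start,
                       const std::uint8_t* data, std::size_t len)
{
  SelectAddress(dev, start);
  std::size_t written = 0;
  for (std::size_t i = 0; i < len; ++i)
    if (WriteByte(dev, data[i]))
      ++written;
  return written;
}

// Constructed scenario: 16 bytes starting at 0x60, 8 of which would
// overrun the buffer if only the start address were checked.
SramDevice OverrunScenario()
{
  SramDevice dev;
  std::array<std::uint8_t, 16> data{};
  data.fill(0xAB);
  WriteBlock(dev, 0x60, data.data(), data.size());
  return dev;
}
```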

Actions #1

Updated by JosJuice 9 months ago

  • Status changed from New to Fix pending
  • Priority changed from Normal to High

Can you verify if this fixes it? https://github.com/dolphin-emu/dolphin/pull/12667

(For reference, 3342 isn't a valid version number of Dolphin, but the issue is indeed present in the latest development version.)

Actions #2

Updated by ElectrifiedStrawberry 9 months ago

JosJuice wrote in #note-1:

Can you verify if this fixes it? https://github.com/dolphin-emu/dolphin/pull/12667

(For reference, 3342 isn't a valid version number of Dolphin, but the issue is indeed present in the latest development version.)

Yeah, lgtm. Idk the hardware behavior on this, but this fixes the overflow. :)

Actions #3

Updated by JosJuice 9 months ago

  • Status changed from Fix pending to Fixed
  • Fixed in set to 5.0-21264