Project

General

Profile

Actions

Emulator Issues #5973

closed

out-of-bounds memory access can lead to crashes

Added by bughunter2 almost 12 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
% Done:

0%

Operating system:
N/A
Issue type:
Bug
Milestone:
Regression:
No
Relates to usability:
No
Relates to performance:
No
Easy:
No
Relates to maintainability:
No
Regression start:
Fixed in:

Description

When setting the Wiimote's device path, an out-of-bounds memory access is performed. This (although in this case apparently seldomly) can cause a crash.

This is the offending code from WiimoteReal/IOWin.cpp :
memcpy(wm[k]->devicepath, detail_data->DevicePath, 197);

I'm not familiar with the code style used in Dolphin's code, and hence haven't bothered to add a patch.

It's probably a good idea to keep in mind that, when fixing this, the fixed code should regardless of whether the DevicePath (from the PSP_DEVICE_INTERFACE_DETAIL_DATA structure) contains an ANSI-character or wide-character string.

One may also want to add a check (assertion, logging?) to verify that the destination (Wiimote's 'devicepath') is large enough (so developers are notified when it is not large enough), since silent truncation is undesirable.

Actions #1

Updated by Billiard26 almost 12 years ago

  • Status changed from New to Fixed

This issue was closed by revision bc35764ec216.

Actions

Also available in: Atom PDF