Emulator Issues #5973
Closed
out-of-bounds memory access can lead to crashes
Description
When setting the Wiimote's device path, an out-of-bounds memory access is performed. This (although in this case apparently seldom) can cause a crash.
This is the offending code from WiimoteReal/IOWin.cpp:
    memcpy(wm[k]->devicepath, detail_data->DevicePath, 197);
I'm not familiar with the code style used in Dolphin's code, and hence haven't bothered to add a patch.
It's probably a good idea to keep in mind that, when fixing this, the fixed code should work regardless of whether the DevicePath (from the PSP_DEVICE_INTERFACE_DETAIL_DATA structure) contains an ANSI-character or wide-character string.
One may also want to add a check (assertion, logging?) to verify that the destination (Wiimote's 'devicepath') is large enough (so developers are notified when it is not large enough), since silent truncation is undesirable.
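Added example, not part of the original report and not Dolphin's code: a portable C sketch of a copy that is bounded by the real size of both buffers, works for 1-byte (ANSI) and 2-byte (wide) characters, and reports an undersized destination instead of truncating. All names (copy_path_checked, try_copy, the PATH_* codes) and the sample paths are hypothetical; the caller is assumed to know both buffer sizes in bytes.

```c
#include <stddef.h>
#include <string.h>

enum { PATH_OK = 0, PATH_DST_TOO_SMALL = -1, PATH_UNTERMINATED = -2 };

/* Hypothetical helper (not Dolphin code). Copies a NUL-terminated string of
 * char_size-byte characters (1 = ANSI, 2 = wide) from src to dst.
 * src_bytes and dst_bytes are the real sizes of the two buffers in bytes. */
static int copy_path_checked(void *dst, size_t dst_bytes,
                             const void *src, size_t src_bytes,
                             size_t char_size)
{
    static const unsigned char zero[4] = {0};
    const unsigned char *s = src;
    size_t off;

    if (char_size == 0 || char_size > sizeof zero)
        return PATH_UNTERMINATED;

    /* Look for the terminator without reading past the end of the source. */
    for (off = 0; off + char_size <= src_bytes; off += char_size) {
        if (memcmp(s + off, zero, char_size) == 0) {
            size_t need = off + char_size;      /* string plus terminator */
            if (need > dst_bytes)
                return PATH_DST_TOO_SMALL;      /* report, never truncate */
            memcpy(dst, s, need);
            return PATH_OK;
        }
    }
    return PATH_UNTERMINATED;
}

/* Constructed sample data: an ANSI path and a short path in 2-byte characters. */
static const char ansi_path[] = "\\\\?\\hid#sample";
static const unsigned char wide_path[] = { '\\',0, '\\',0, '?',0, 0,0 };

/* Copy into a scratch buffer limited to dst_bytes (at most 64). */
static int try_copy(const void *src, size_t src_bytes,
                    size_t char_size, size_t dst_bytes)
{
    unsigned char dst[64];
    if (dst_bytes > sizeof dst)
        dst_bytes = sizeof dst;
    return copy_path_checked(dst, dst_bytes, src, src_bytes, char_size);
}
```

A caller would log or assert on PATH_DST_TOO_SMALL so that an undersized 'devicepath' field is noticed during development.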