		
	kernel/svc: Properly sanitize mutex address in WaitProcessWideKeyAtomic
We need to check whether the given address is within the kernel address space or isn't word-aligned, and bail in either case instead of trashing any kernel state.
		
							parent
							
								
									c151886913
								
							
						
					
					
						commit
						e521d9b2f8
					
				
					 1 changed files with 14 additions and 0 deletions
				
			
		|  | @ -1339,6 +1339,20 @@ static ResultCode WaitProcessWideKeyAtomic(VAddr mutex_addr, VAddr condition_var | ||||||
|         "called mutex_addr={:X}, condition_variable_addr={:X}, thread_handle=0x{:08X}, timeout={}", |         "called mutex_addr={:X}, condition_variable_addr={:X}, thread_handle=0x{:08X}, timeout={}", | ||||||
|         mutex_addr, condition_variable_addr, thread_handle, nano_seconds); |         mutex_addr, condition_variable_addr, thread_handle, nano_seconds); | ||||||
| 
 | 
 | ||||||
|  |     if (Memory::IsKernelVirtualAddress(mutex_addr)) { | ||||||
|  |         LOG_ERROR( | ||||||
|  |             Kernel_SVC, | ||||||
|  |             "Given mutex address must not be within the kernel address space. address=0x{:016X}", | ||||||
|  |             mutex_addr); | ||||||
|  |         return ERR_INVALID_ADDRESS_STATE; | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     if (!Common::IsWordAligned(mutex_addr)) { | ||||||
|  |         LOG_ERROR(Kernel_SVC, "Given mutex address must be word-aligned. address=0x{:016X}", | ||||||
|  |                   mutex_addr); | ||||||
|  |         return ERR_INVALID_ADDRESS; | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|     auto* const current_process = Core::System::GetInstance().Kernel().CurrentProcess(); |     auto* const current_process = Core::System::GetInstance().Kernel().CurrentProcess(); | ||||||
|     const auto& handle_table = current_process->GetHandleTable(); |     const auto& handle_table = current_process->GetHandleTable(); | ||||||
|     SharedPtr<Thread> thread = handle_table.Get<Thread>(thread_handle); |     SharedPtr<Thread> thread = handle_table.Get<Thread>(thread_handle); | ||||||
|  |  | ||||||
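Review bot: The two added guards in WaitProcessWideKeyAtomic reject a kernel-space or misaligned `mutex_addr`, but an aligned user-space address that is not mapped in the calling process still passes them; whether the code that later reads or writes the mutex word copes with that is outside this hunk and worth confirming. `condition_variable_addr` arrives in the same guest-controlled argument list and gets no check here; if it is only ever used as a lookup key that is fine, but a short comment saying so would stop the next reader from wondering. I would also put a comment above the first guard, e.g. `// mutex_addr is guest-controlled: validate it before any thread or mutex state is touched.`, and note there why the two failures return different codes (`ERR_INVALID_ADDRESS_STATE` vs `ERR_INVALID_ADDRESS`). If other SVC handlers in this file accept a mutex address, the same pair of checks presumably belongs there too and could live in one small helper. The function body continues past the end of the hunk.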
	 Lioncash
						Lioncash