From 9f3f615e054663fd6e538fa2db86271b467a6bfd Mon Sep 17 00:00:00 2001 From: Liam Date: Fri, 14 Jul 2023 22:32:24 -0400 Subject: [PATCH] core: reduce TOCTTOU memory access --- src/core/debugger/gdbstub.cpp | 9 +++------ src/core/hle/kernel/svc/svc_ipc.cpp | 11 ++++------- src/core/hle/kernel/svc/svc_synchronization.cpp | 11 ++++------- 3 files changed, 11 insertions(+), 20 deletions(-) diff --git a/src/core/debugger/gdbstub.cpp b/src/core/debugger/gdbstub.cpp index da6078372..0f839d5b4 100644 --- a/src/core/debugger/gdbstub.cpp +++ b/src/core/debugger/gdbstub.cpp @@ -261,10 +261,8 @@ void GDBStub::ExecuteCommand(std::string_view packet, std::vector(strtoll(command.data(), nullptr, 16))}; const size_t size{static_cast(strtoll(command.data() + sep, nullptr, 16))}; - if (system.ApplicationMemory().IsValidVirtualAddressRange(addr, size)) { - std::vector mem(size); - system.ApplicationMemory().ReadBlock(addr, mem.data(), size); - + std::vector mem(size); + if (system.ApplicationMemory().ReadBlock(addr, mem.data(), size)) { SendReply(Common::HexToString(mem)); } else { SendReply(GDB_STUB_REPLY_ERR); @@ -281,8 +279,7 @@ void GDBStub::ExecuteCommand(std::string_view packet, std::vector 0) { - // Ensure we can try to get the handles. - R_UNLESS(GetCurrentMemory(kernel).IsValidVirtualAddressRange( - handles_addr, static_cast(sizeof(Handle) * num_handles)), - ResultInvalidPointer); - // Get the handles. - GetCurrentMemory(kernel).ReadBlock(handles_addr, handles.data(), - sizeof(Handle) * num_handles); + R_UNLESS(GetCurrentMemory(kernel).ReadBlock(handles_addr, handles.data(), + sizeof(Handle) * num_handles), + ResultInvalidPointer); // Convert the handles to objects. R_UNLESS(handle_table.GetMultipleObjects( diff --git a/src/core/hle/kernel/svc/svc_synchronization.cpp b/src/core/hle/kernel/svc/svc_synchronization.cpp index f02d03f30..366e8ed4a 100644 --- a/src/core/hle/kernel/svc/svc_synchronization.cpp +++ b/src/core/hle/kernel/svc/svc_synchronization.cpp 
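Review bot: In the first gdbstub.cpp hunk, `std::vector mem(size)` is now constructed before any validation, and `size` comes straight from `strtoll` on the packet text, cast to `size_t`. Before this change the allocation happened only after the range check passed, so an oversized or negative length was rejected first. Now it reaches the allocator, and a failed allocation would presumably throw inside the stub instead of producing `GDB_STUB_REPLY_ERR`. A bound ahead of the vector would restore the old ordering, for example `if (size > kMaxReadLen) { SendReply(GDB_STUB_REPLY_ERR); return; }`, where `kMaxReadLen` is a placeholder for whatever limit the stub's packet buffer implies. ExecuteCommand starts and ends outside the hunk, so the right exit statement depends on code not shown here.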
@@ -7,6 +7,7 @@ #include "core/hle/kernel/k_process.h" #include "core/hle/kernel/k_readable_event.h" #include "core/hle/kernel/svc.h" +#include "core/hle/kernel/svc_results.h" namespace Kernel::Svc { @@ -64,14 +65,10 @@ Result WaitSynchronization(Core::System& system, int32_t* out_index, u64 user_ha // Copy user handles. if (num_handles > 0) { - // Ensure we can try to get the handles. - R_UNLESS(GetCurrentMemory(kernel).IsValidVirtualAddressRange( - user_handles, static_cast(sizeof(Handle) * num_handles)), - ResultInvalidPointer); - // Get the handles. - GetCurrentMemory(kernel).ReadBlock(user_handles, handles.data(), - sizeof(Handle) * num_handles); + R_UNLESS(GetCurrentMemory(kernel).ReadBlock(user_handles, handles.data(), + sizeof(Handle) * num_handles), + ResultInvalidPointer); // Convert the handles to objects. R_UNLESS(handle_table.GetMultipleObjects(
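Review bot: The `R_UNLESS(GetCurrentMemory(kernel).ReadBlock(...), ResultInvalidPointer)` call in WaitSynchronization now carries the whole pointer check, but the removed comment `// Ensure we can try to get the handles.` has no replacement and ReadBlock's definition is not part of this diff. I would add `// ReadBlock validates the guest range while copying; false means user_handles was not fully readable.` above the call. It is also worth confirming that ReadBlock returns false when any part of the range is unmapped, not only when the start address is. The same applies to the hunk on the previous line that reads from `handles_addr`. WaitSynchronization's body continues outside the hunk.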