From 01f5c899023c9e1e0259cb185c48cb9bc993185d Mon Sep 17 00:00:00 2001
From: Michael Scire
Date: Wed, 7 Apr 2021 10:07:24 -0700
Subject: [PATCH] kern: add bounds checking to KHandleTable::Register/Unreserve
---
 .../source/kern_k_handle_table.cpp | 26 ++++++++++---------
 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/libraries/libmesosphere/source/kern_k_handle_table.cpp b/libraries/libmesosphere/source/kern_k_handle_table.cpp
index 7b3733fc4..d40de9f69 100644
--- a/libraries/libmesosphere/source/kern_k_handle_table.cpp
+++ b/libraries/libmesosphere/source/kern_k_handle_table.cpp
@@ -120,15 +120,16 @@ namespace ams::kern {
 const auto reserved = handle_pack.Get();
 MESOSPHERE_ASSERT(reserved == 0);
 MESOSPHERE_ASSERT(linear_id != 0);
- MESOSPHERE_ASSERT(index < m_table_size);
 MESOSPHERE_UNUSED(linear_id, reserved);
- /* Free the entry. */
- /* NOTE: This code does not check the linear id. */
- Entry *entry = std::addressof(m_table[index]);
- MESOSPHERE_ASSERT(entry->GetObject() == nullptr);
+ if (index < m_table_size) {
+ /* Free the entry. */
+ /* NOTE: This code does not check the linear id. */
+ Entry *entry = std::addressof(m_table[index]);
+ MESOSPHERE_ASSERT(entry->GetObject() == nullptr);
- this->FreeEntry(entry);
+ this->FreeEntry(entry);
+ }
 }
 void KHandleTable::Register(ams::svc::Handle handle, KAutoObject *obj, u16 type) {
@@ -143,15 +144,16 @@ namespace ams::kern {
 const auto reserved = handle_pack.Get();
 MESOSPHERE_ASSERT(reserved == 0);
 MESOSPHERE_ASSERT(linear_id != 0);
- MESOSPHERE_ASSERT(index < m_table_size);
 MESOSPHERE_UNUSED(reserved);
- /* Set the entry. */
- Entry *entry = std::addressof(m_table[index]);
- MESOSPHERE_ASSERT(entry->GetObject() == nullptr);
+ if (index < m_table_size) {
+ /* Set the entry. */
+ Entry *entry = std::addressof(m_table[index]);
+ MESOSPHERE_ASSERT(entry->GetObject() == nullptr);
- entry->SetUsed(obj, linear_id, type);
- obj->Open();
+ entry->SetUsed(obj, linear_id, type);
+ obj->Open();
+ }
 }
 }
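Review bot: The new `if (index < m_table_size)` guard in the Unreserve hunk makes only the range check unconditional; the occupancy check just inside it, `MESOSPHERE_ASSERT(entry->GetObject() == nullptr)`, is still assert-only, and the same holds for the Register hunk. If MESOSPHERE_ASSERT is compiled out in release builds (which the motive for this change suggests, but which is not visible here), an in-range index naming a live entry would still reach `this->FreeEntry(entry)` or `entry->SetUsed(obj, linear_id, type)`, and the existing NOTE says the linear id is not checked either. Consider a runtime condition such as `if (index < m_table_size && m_table[index].GetObject() == nullptr) {` in both functions, plus a short comment stating that an out-of-range handle is deliberately ignored, since Register returns void and its caller cannot observe the skipped `obj->Open()`. Both function bodies begin outside the hunks, so whether `handle` can be caller-influenced on these paths cannot be confirmed from this patch.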