mirrors/Atmosphere
1
0
Fork 0
mirror of https://github.com/Atmosphere-NX/Atmosphere.git synced 2024-11-10 06:01:52 +00:00
Code Issues Releases Activity

fs.mitm: Fix UAF in every DirEntry processed.

Browse source 
How on earth did this code ever work?
This commit is contained in:
Michael Scire 2018-07-19 21:17:57 -06:00
parent 3db9ce32fa
commit a46e796f4d
1 changed files with 9 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
stratosphere/fs_mitm/source/fsmitm_romfsbuild.cpp
View file

@ -236,7 +236,7 @@ void RomFSBuildContext::Build(std::vector<RomFSSourceInfo> *out_infos) {
RomFSDirectoryEntry *dir_table = (RomFSDirectoryEntry *)((uintptr_t)dir_hash_table + this->dir_hash_table_size);
u32 *file_hash_table = (u32 *)((uintptr_t)dir_table + this->dir_table_size);
RomFSFileEntry *file_table = (RomFSFileEntry *)((uintptr_t)file_hash_table + this->file_hash_table_size);
/* Clear out hash tables. */
for (u32 i = 0; i < dir_hash_table_entry_count; i++) {
dir_hash_table[i] = ROMFS_ENTRY_EMPTY;
@ -332,11 +332,7 @@ void RomFSBuildContext::Build(std::vector<RomFSSourceInfo> *out_infos) {
default:
fatalSimple(0xF601);
}
delete cur_file->path;
delete cur_file;
}
this->files.clear();
/* Populate dir tables. */
for (const auto &it : this->directories) {
@ -362,6 +358,14 @@ void RomFSBuildContext::Build(std::vector<RomFSSourceInfo> *out_infos) {
this->root = NULL;
this->directories.clear();
/* Delete files. */
for (const auto &it : this->files) {
cur_file = it.second;
delete cur_file->path;
delete cur_file;
}
this->files.clear();
/* Set header fields. */
header->header_size = sizeof(*header);
header->file_hash_table_size = this->file_hash_table_size;