From bac81f4ccca90b97edf53bd2eee06cbf914947ed Mon Sep 17 00:00:00 2001
From: Michael Scire
Date: Wed, 7 Nov 2018 19:09:58 -0800
Subject: [PATCH] libstrat: fix potential oob deref in WaitableManager (closes #256)
---
 .../include/stratosphere/waitable_manager.hpp | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/stratosphere/libstratosphere/include/stratosphere/waitable_manager.hpp b/stratosphere/libstratosphere/include/stratosphere/waitable_manager.hpp
index d1d4b171f..2f48f42f1 100644
--- a/stratosphere/libstratosphere/include/stratosphere/waitable_manager.hpp
+++ b/stratosphere/libstratosphere/include/stratosphere/waitable_manager.hpp
@@ -211,11 +211,10 @@ class WaitableManager : public SessionManagerBase {
 /* Wait forever. */
 rc = svcWaitSynchronization(&handle_index, handles.data(), num_handles, U64_MAX);
-
- IWaitable *w = wait_list[handle_index];
- size_t w_ind = std::distance(this->waitables.begin(), std::find(this->waitables.begin(), this->waitables.end(), w));
-
+
 if (R_SUCCEEDED(rc)) {
+ IWaitable *w = wait_list[handle_index];
+ size_t w_ind = std::distance(this->waitables.begin(), std::find(this->waitables.begin(), this->waitables.end(), w));
 std::for_each(waitables.begin(), waitables.begin() + w_ind, std::mem_fn(&IWaitable::UpdatePriority));
 result = w;
 } else if (rc == 0xEA01) {
@@ -233,6 +232,8 @@ class WaitableManager : public SessionManagerBase {
 } else if (rc != 0xF601 && rc != 0xE401) {
 std::abort();
 } else {
+ IWaitable *w = wait_list[handle_index];
+ size_t w_ind = std::distance(this->waitables.begin(), std::find(this->waitables.begin(), this->waitables.end(), w));
 this->waitables.erase(this->waitables.begin() + w_ind);
 std::for_each(waitables.begin(), waitables.begin() + w_ind - 1, std::mem_fn(&IWaitable::UpdatePriority));
 delete w;
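Review bot: Nothing in the `R_SUCCEEDED(rc)` branch records why the `wait_list[handle_index]` lookup now has to live inside it, so a later cleanup could hoist the two lines back above the result check. A short comment at the top of the branch would pin the invariant, for example `/* handle_index is only meaningful once the wait has succeeded; never index wait_list before checking rc. */`. The `std::find` result is also used without comparing it to `this->waitables.end()`; if `w` were ever missing from `waitables`, `w_ind` would equal the container size, which is harmless here but worth an assertion. The enclosing function begins and ends outside this hunk.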
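Review bot: The final `else` branch (rc is 0xF601 or 0xE401) still indexes `wait_list[handle_index]` after a failed wait, which is the same class of out-of-bounds read the commit removes from the other error paths. Whether `svcWaitSynchronization` writes a usable index for these results is not visible in the hunk, so the index should be range-checked against `num_handles` before use. Two further hazards sit in the same branch: `erase` is called with `begin() + w_ind` even when `std::find` returned `end()`, and `waitables.begin() + w_ind - 1` forms an iterator before `begin()` when `w_ind` is 0. The success branch uses `begin() + w_ind` without the `- 1`, so the intended range is worth confirming; the sketch below keeps the existing range and only guards it. The types of `handle_index` and `num_handles` are declared outside the hunk, so the comparison may need a cast.

```cpp
} else {
    /* The wait failed, so handle_index is only trusted after a range check. */
    if (handle_index < 0 || handle_index >= num_handles) {
        std::abort();
    }
    IWaitable *w = wait_list[handle_index];
    auto it = std::find(this->waitables.begin(), this->waitables.end(), w);
    if (it == this->waitables.end()) {
        std::abort();
    }
    size_t w_ind = std::distance(this->waitables.begin(), it);
    this->waitables.erase(it);
    if (w_ind > 0) {
        std::for_each(waitables.begin(), waitables.begin() + w_ind - 1, std::mem_fn(&IWaitable::UpdatePriority));
    }
    /* … unchanged: delete w and the rest of the branch … */
```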