mirror of https://github.com/CTCaer/hekate.git synced 2024-11-26 19:52:11 +00:00

fss0: Fix heap corruption when sept is loaded from fss

CTCaer 2020-01-17 09:26:13 +02:00
parent 8552a7282c
commit 01a767cbfa


@ -97,22 +97,22 @@ int parse_fss(launch_ctxt_t *ctxt, const char *path, fss0_sept_t *sept_ctxt)
bool stock = false; bool stock = false;
int sept_used = 0; int sept_used = 0;
LIST_FOREACH_ENTRY(ini_kv_t, kv, &ctxt->cfg->kvs, link) if (!sept_ctxt)
{ {
if (!strcmp("stock", kv->key)) LIST_FOREACH_ENTRY(ini_kv_t, kv, &ctxt->cfg->kvs, link)
if (kv->val[0] == '1') {
stock = true; if (!strcmp("stock", kv->key))
} if (kv->val[0] == '1')
stock = true;
}
if (!sept_ctxt && stock && ctxt->pkg1_id->kb <= KB_FIRMWARE_VERSION_620 && (!emu_cfg.enabled || h_cfg.emummc_force_disable)) if (ctxt->pkg1_id->kb <= KB_FIRMWARE_VERSION_620 && (!emu_cfg.enabled || h_cfg.emummc_force_disable))
return 1; return 1;
}
if (f_open(&fp, path, FA_READ) != FR_OK) if (f_open(&fp, path, FA_READ) != FR_OK)
return 0; return 0;
if (!sept_ctxt)
ctxt->atmosphere = true;
void *fss = malloc(f_size(&fp)); void *fss = malloc(f_size(&fp));
// Read header. // Read header.
f_read(&fp, fss, 0x400, NULL); f_read(&fp, fss, 0x400, NULL);
@ -128,6 +128,12 @@ int parse_fss(launch_ctxt_t *ctxt, const char *path, fss0_sept_t *sept_ctxt)
fss_meta->version >> 24, (fss_meta->version >> 16) & 0xFF, (fss_meta->version >> 8) & 0xFF, fss_meta->git_rev, fss_meta->version >> 24, (fss_meta->version >> 16) & 0xFF, (fss_meta->version >> 8) & 0xFF, fss_meta->git_rev,
fss_meta->hos_ver >> 24, (fss_meta->hos_ver >> 16) & 0xFF, (fss_meta->hos_ver >> 8) & 0xFF); fss_meta->hos_ver >> 24, (fss_meta->hos_ver >> 16) & 0xFF, (fss_meta->hos_ver >> 8) & 0xFF);
if (!sept_ctxt)
{
ctxt->atmosphere = true;
ctxt->fss0_hosver = fss_meta->hos_ver;
}
fss_content_t *curr_fss_cnt = (fss_content_t *)(fss + fss_meta->cnt_off); fss_content_t *curr_fss_cnt = (fss_content_t *)(fss + fss_meta->cnt_off);
void *content; void *content;
for (u32 i = 0; i < fss_meta->cnt_count; i++) for (u32 i = 0; i < fss_meta->cnt_count; i++)
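Review bot: The early `return 1` in the first hunk no longer tests `stock`. The old condition was `!sept_ctxt && stock && ...`, and only `!sept_ctxt` moved into the new enclosing `if`, so as rendered every non-sept call with `kb <= KB_FIRMWARE_VERSION_620` and emuMMC off returns 1 whether or not `stock=1` is set. If that is unintended, the line should read `if (stock && ctxt->pkg1_id->kb <= KB_FIRMWARE_VERSION_620 && (!emu_cfg.enabled || h_cfg.emummc_force_disable))`. Since the commit targets heap corruption, note also that in the surrounding context lines `malloc(f_size(&fp))` is used unchecked, and `fss_meta->cnt_off` and `cnt_count` are read from the file with no visible bound against `f_size(&fp)`. parse_fss starts before and continues after both hunks, so later uses of `stock` and any later validation are not visible here.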