notaz.gp2x.de / pcsx_rearmed.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw (from parent 1: 3c89130)
Merge pull request #146 from senquack/gpulib_fix
authornotaz <notasas@gmail.com>
Mon, 11 Nov 2019 18:50:44 +0000 (20:50 +0200)
committerGitHub <noreply@github.com>
Mon, 11 Nov 2019 18:50:44 +0000 (20:50 +0200)
gpulib: fix out-of-bounds reads in do_cmd_buffer()

plugins/gpulib/gpu.c patch | blob | blame | history

diff --git a/plugins/gpulib/gpu.c b/plugins/gpulib/gpu.c
index 125bd89..d67df03 100644 (file)
--- a/plugins/gpulib/gpu.c
+++ b/plugins/gpulib/gpu.c
@@ -457,6 +457,12 @@ static noinline int do_cmd_buffer(uint32_t *data, int count)
 
     cmd = data[pos] >> 24;
     if (0xa0 <= cmd && cmd <= 0xdf) {
+      if (unlikely((pos+2) >= count)) {
+        // incomplete vram write/read cmd, can't consume yet
+        cmd = -1;
+        break;
+      }
+
       // consume vram write/read cmd
       start_vram_transfer(data[pos + 1], data[pos + 2], (cmd & 0xe0) == 0xc0);
       pos += 3;
ARM optimized PCSX fork