Fix memory corruption in BCAT and FS Read methods when buffer is larger than needed (#3739)

* Fix memory corruption in FS Read methods when buffer is larger than needed * PR feedback * nit: Don't move this around
2022-10-04 20:12:54 -03:00 · 2022-10-04 20:12:54 -03:00 · 60e16c15b6
commit 60e16c15b6
parent 2068445939
10 changed files with 69 additions and 79 deletions
--- a/Ryujinx.HLE/HOS/Services/Fs/FileSystemProxy/IStorage.cs
+++ b/Ryujinx.HLE/HOS/Services/Fs/FileSystemProxy/IStorage.cs
@ -23,21 +23,21 @@ namespace Ryujinx.HLE.HOS.Services.Fs.FileSystemProxy

            if (context.Request.ReceiveBuff.Count > 0)
            {
-                IpcBuffDesc buffDesc = context.Request.ReceiveBuff[0];
+                ulong bufferAddress = context.Request.ReceiveBuff[0].Position;
+                ulong bufferLen = context.Request.ReceiveBuff[0].Size;

                // Use smaller length to avoid overflows.
-                if (size > buffDesc.Size)
+                if (size > bufferLen)
                {
-                    size = buffDesc.Size;
+                    size = bufferLen;
                }

-                byte[] data = new byte[size];
+                using (var region = context.Memory.GetWritableRegion(bufferAddress, (int)bufferLen, true))
+                {
+                    Result result = _baseStorage.Get.Read((long)offset, new OutBuffer(region.Memory.Span), (long)size);

-                Result result = _baseStorage.Get.Read((long)offset, new OutBuffer(data), (long)size);
-
-                context.Memory.Write(buffDesc.Position, data);
-
-                return (ResultCode)result.Value;
+                    return (ResultCode)result.Value;
+                }
            }

            return ResultCode.Success;