From cb930c4b5a3f8f3931ba93ef35d4000558ffa79e Mon Sep 17 00:00:00 2001
From: Zach Hilman
Date: Fri, 28 Dec 2018 18:20:29 -0500
Subject: web_browser: Add bounds checking to applet interface
---
 src/core/hle/service/am/applets/web_browser.cpp | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'src/core/hle/service/am/applets')
diff --git a/src/core/hle/service/am/applets/web_browser.cpp b/src/core/hle/service/am/applets/web_browser.cpp
index 53118324b..d975207f5 100644
--- a/src/core/hle/service/am/applets/web_browser.cpp
+++ b/src/core/hle/service/am/applets/web_browser.cpp
@@ -49,17 +49,20 @@ static_assert(sizeof(WebArgumentResult) == 0x1010, "WebArgumentResult has incorr
 static std::vector GetArgumentDataForTagType(const std::vector& data, u16 type) {
 WebBufferHeader header;
+ ASSERT(sizeof(WebBufferHeader) <= data.size());
 std::memcpy(&header, data.data(), sizeof(WebBufferHeader));
 u64 offset = sizeof(WebBufferHeader);
 for (u16 i = 0; i < header.count; ++i) {
 WebArgumentHeader arg;
+ ASSERT(offset + sizeof(WebArgumentHeader) <= data.size());
 std::memcpy(&arg, data.data() + offset, sizeof(WebArgumentHeader));
 offset += sizeof(WebArgumentHeader);
 if (arg.type == type) {
 std::vector out(arg.size);
 offset += arg.offset;
+ ASSERT(offset + arg.size <= data.size());
 std::memcpy(out.data(), data.data() + offset, out.size());
 return out;
 }
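Review bot: The three added `ASSERT` checks in `GetArgumentDataForTagType` are the only guard between guest-supplied argument data and the `std::memcpy` calls, and an assertion is a weak control for untrusted input. The definition of `ASSERT` is not visible here: if it is compiled out or only logs in some build configuration the out-of-bounds read still happens, and where it aborts, a malformed buffer takes the whole emulator down. Explicit checks that return an empty vector fail closed in every build, and writing them as `data.size() - offset < n` after confirming `offset <= data.size()` avoids depending on `offset + n` not wrapping; the `out` allocation, which currently precedes the size check, belongs after it. The same pattern is in the `Initialize` hunk, where `ASSERT(web_arg_storage != nullptr)` is followed directly by a dereference. The function body continues past the end of this hunk, so the non-matching branch is not covered below.

```cpp
    WebBufferHeader header;
    if (data.size() < sizeof(WebBufferHeader)) {
        return {};
    }
    // … unchanged: copy of the buffer header, offset initialisation, loop header …
        if (offset > data.size() || data.size() - offset < sizeof(WebArgumentHeader)) {
            return {};
        }
        // … unchanged: copy of the argument header, offset advance, type comparison …
            offset += arg.offset;
            if (offset > data.size() || data.size() - offset < arg.size) {
                return {};
            }
            // … unchanged apart from order: `out` is allocated here, then filled and returned …
```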
@@ -91,19 +94,17 @@ WebBrowser::WebBrowser() = default;
 WebBrowser::~WebBrowser() = default;
 void WebBrowser::Initialize() {
+ Applet::Initialize();
+
 complete = false;
 temporary_dir.clear();
 filename.clear();
 status = RESULT_SUCCESS;
- Applet::Initialize();
-
 const auto web_arg_storage = broker.PopNormalDataToApplet();
 ASSERT(web_arg_storage != nullptr);
 const auto& web_arg = web_arg_storage->GetData();
- LOG_CRITICAL(Service_AM, "{}", Common::HexVectorToString(web_arg));
-
 const auto url_data = GetArgumentDataForTagType(web_arg, WEB_ARGUMENT_URL_TYPE);
 filename = Common::StringFromFixedZeroTerminatedBuffer(
 reinterpret_cast(url_data.data()), url_data.size());
@@ -133,7 +134,7 @@ ResultCode WebBrowser::GetStatus() const {
 }
 void WebBrowser::ExecuteInteractive() {
- UNIMPLEMENTED_MSG(Service_AM, "Unexpected interactive data recieved!");
+ UNIMPLEMENTED_MSG("Unexpected interactive data recieved!");
 }
 void WebBrowser::Execute() {
@@ -147,8 +148,7 @@ void WebBrowser::Execute() {
 const auto& frontend{Core::System::GetInstance().GetWebBrowser()};
- frontend.OpenPage(
- filename, [this] { UnpackRomFS(); }, [this] { Finalize(); });
+ frontend.OpenPage(filename, [this] { UnpackRomFS(); }, [this] { Finalize(); });
 }
 void WebBrowser::UnpackRomFS() {
--
cgit v1.2.3
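Review bot: In `Initialize`, `url_data` is consumed as soon as `GetArgumentDataForTagType` returns, with no check that the URL tag was found, and the resulting `filename` is guest-controlled text that later reaches `frontend.OpenPage` (visible in the `Execute` hunk). What the helper returns for a missing tag, and whether `filename` is sanitised in between, are both outside the visible hunks, so this may already be handled elsewhere. If it is not, a guard such as `if (url_data.empty()) { /* set status to a failure code and return */ }` plus a one-line comment marking `filename` as untrusted guest input would make the trust boundary explicit. `Initialize` continues beyond the end of this hunk.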
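Review bot: The message on the changed line in `ExecuteInteractive` still misspells "received" as `recieved`. Since the line is being touched anyway, `UNIMPLEMENTED_MSG("Unexpected interactive data received!");` would keep log searches for this condition from missing it. This path is presumably reachable whenever the guest pushes interactive data, so the string is one that will show up in user-submitted logs.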