From e8b2fd21d861997e558180d775b14afdc46f3bbd Mon Sep 17 00:00:00 2001 From: comex Date: Sun, 22 Nov 2020 15:48:23 -0500 Subject: nvdrv, video_core: Don't index out of bounds when given invalid syncpoint ID - Use .at() instead of raw indexing when dealing with untrusted indices. - For the special case of WaitFence with syncpoint id UINT32_MAX, instead of crashing, log an error and ignore. This is what I get when running Super Mario Maker 2. --- src/core/hle/service/nvdrv/syncpoint_manager.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/core') diff --git a/src/core/hle/service/nvdrv/syncpoint_manager.h b/src/core/hle/service/nvdrv/syncpoint_manager.h index 4168b6c7e..d395c5d0b 100644 --- a/src/core/hle/service/nvdrv/syncpoint_manager.h +++ b/src/core/hle/service/nvdrv/syncpoint_manager.h @@ -37,7 +37,7 @@ public: * @returns The lower bound for the specified syncpoint. */ u32 GetSyncpointMin(u32 syncpoint_id) const { - return syncpoints[syncpoint_id].min.load(std::memory_order_relaxed); + return syncpoints.at(syncpoint_id).min.load(std::memory_order_relaxed); } /** @@ -46,7 +46,7 @@ public: * @returns The upper bound for the specified syncpoint. */ u32 GetSyncpointMax(u32 syncpoint_id) const { - return syncpoints[syncpoint_id].max.load(std::memory_order_relaxed); + return syncpoints.at(syncpoint_id).max.load(std::memory_order_relaxed); } /** -- cgit v1.2.3