Merge pull request #13 from AKuHAK/master

Fix some C overflows and dereferncies
rickgaiser · Sep 9, 2023 · c7d6844 · c7d6844
2 parents 1fb0ea8 + 5e94f33
commit c7d6844
Show file tree

Hide file tree

Showing 7 changed files with 12 additions and 13 deletions.
diff --git a/ee/loader/src/main.c b/ee/loader/src/main.c
@@ -757,13 +757,13 @@ int main(int argc, char *argv[])
             char c = *sCompat;
             switch (c) {
                 case '0':
-                    iCompat |= 1 << 31; // Set dummy flag
+                    iCompat |= 1U << 31; // Set dummy flag
                     break;
                 case '1':
                 case '2':
                 case '3':
                 case '5':
-                    iCompat |= 1 << (c - '1');
+                    iCompat |= 1U << (c - '1');
                     break;
                 default:
                     printf("ERROR: compat flag %c not supported\n", c);
@@ -1069,7 +1069,7 @@ int main(int argc, char *argv[])
      */
     if (iCompat == 0)
         iCompat = get_compat(sGameID);
-    iCompat &= ~(1<<31); // Clear dummy flag
+    iCompat &= ~(1U << 31); // Clear dummy flag
 
     /*
      * Set CDVDMAN compatibility
@@ -1126,7 +1126,7 @@ int main(int argc, char *argv[])
             printf("Unable to open %s\n", sATA0File);
             return -1;
         }
-        // Get ISO file size
+        // Get HDD file size
         hdd_size = lseek64(fd_hdd, 0, SEEK_END);
 
         //

diff --git a/iop/cdvdman_emu/src/device-fhi.c b/iop/cdvdman_emu/src/device-fhi.c
@@ -50,7 +50,7 @@ int DeviceReadSectors(u32 vlsn, void *buffer, unsigned int sectors)
 {
     int rv = SCECdErNO;
     u32 fid = vlsn >> 23;
-    u32 lsn = vlsn & ((1<<23)-1);
+    u32 lsn = vlsn & ((1U << 23) - 1);
 
     // DPRINTF("%s(%u-%u, 0x%p, %u)\n", __func__, (unsigned int)fid, (unsigned int)lsn, buffer, sectors);
 

diff --git a/iop/cdvdman_esr2/src/pscecdvdv.c b/iop/cdvdman_esr2/src/pscecdvdv.c
@@ -100,7 +100,7 @@ static int hook_sceCdRead(u32 lsn, u32 sectors, void *buf, cd_read_mode_t *mode)
 
 static inline int is_jmp(void *addr, void *func)
 {
-    if (*(u32 *)addr == (0x0C000000 | (((u32)func >> 2) & 0x03FFFFFF)))
+    if (addr != NULL && *(u32 *)addr == (0x0C000000 | (((u32)func >> 2) & 0x03FFFFFF)))
         return 1;
     return 0;
 }

diff --git a/iop/smap_udpbd/src/main.c b/iop/smap_udpbd/src/main.c
@@ -16,7 +16,6 @@ IRX_ID("SMAP_driver", 0x2, 0x1A);
 //While the header of the export table is small, the large size of the export table (as a whole) places it in data instead of sdata.
 extern struct irx_export_table _exp_smap __attribute__((section("data")));
 
-#define IP_ADDR(a, b, c, d) ((a << 24) | (b << 16) | (c << 8) | d)
 uint32_t parse_ip(const char *sIP)
 {
     int cp = 0;
@@ -41,7 +40,7 @@ uint32_t parse_ip(const char *sIP)
     if (cp != 3)
         return 0; // Too little dots
 
-    return IP_ADDR(part[0], part[1], part[2], part[3]);
+    return IP_ADDR((uint8_t)part[0], (uint8_t)part[1], (uint8_t)part[2], (uint8_t)part[3]);
 }
 
 int _start(int argc, char *argv[])

diff --git a/iop/smap_udpbd/src/ministack.h b/iop/smap_udpbd/src/ministack.h
@@ -5,7 +5,7 @@
 #include <stdint.h>
 
 
-#define IP_ADDR(a, b, c, d) ((a << 24) | (b << 16) | (c << 8) | d)
+#define IP_ADDR(a, b, c, d) (((uint8_t)(a) << 24) | ((uint8_t)(b) << 16) | ((uint8_t)(c) << 8) | (uint8_t)(d))
 
 static inline uint32_t htonl(uint32_t n)
 {

diff --git a/iop/smap_udpbd/src/udpbd.c b/iop/smap_udpbd/src/udpbd.c
@@ -339,7 +339,7 @@ static inline void _cmd_read_rdma(struct SUDPBDv2_Header *hdr)
     }
 
     // Directly DMA the packet data into the user buffer
-    dev9DmaTransfer(1, g_buffer_act, bt.block_count << 16 | (1 << bt.block_shift), DMAC_TO_MEM);
+    dev9DmaTransfer(1, g_buffer_act, bt.block_count << 16 | (1U << bt.block_shift), DMAC_TO_MEM);
 
     g_buffer_act += size;
     g_read_size -= size;

diff --git a/iop/smap_udpbd/src/udpbd.h b/iop/smap_udpbd/src/udpbd.h
@@ -33,7 +33,7 @@ struct SUDPBDv2_Header { // 2 bytes - Must be a "(multiple of 4) + 2" for RDMA o
             uint16_t cmdid  : 3; // 0..  8 - increment with every new command sequence
             uint16_t cmdpkt : 8; // 0..255 - 0=request, 1 or more are response packets
         };
-    };	
+    };
 } __attribute__((__packed__));
 
 /*
@@ -84,11 +84,11 @@ union block_type
     uint32_t bt;
     struct
     {
-        uint32_t block_shift :  4; // 0..7: blocks_size = 1 << (block_shift+2); min=0=4bytes, max=7=512bytes
+        uint32_t block_shift :  4; // 0..7: blocks_size = 1U << (block_shift+2); min=0=4bytes, max=7=512bytes
         uint32_t block_count :  9; // 1..366 blocks
         uint32_t spare       : 19;
     };
-};	
+};
 /*
  * Maximum payload for an RDMA packet depends on the used block size:
  * -   4 * 366 = 1464 bytes