From 05c1816504d1c85da008df94bd9b4cce5d41d891 Mon Sep 17 00:00:00 2001
From: Zak Kurka
Date: Sun, 21 Oct 2018 07:48:54 -0500
Subject: [PATCH] Stay in bounds
---
 src/core/file_sys/ncch_container.cpp | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/core/file_sys/ncch_container.cpp b/src/core/file_sys/ncch_container.cpp
index 473a195bdb..a67f4de0c4 100644
--- a/src/core/file_sys/ncch_container.cpp
+++ b/src/core/file_sys/ncch_container.cpp
@@ -557,6 +557,9 @@ void NCCHContainer::ApplyIPS(std::vector& ips, std::vector& buffer) {
 if (length == 0) {
 length = ips[cursor + 5] << 8 | ips[cursor + 6];
+ if (buffer.size() < offset + length)
+ return;
+
 for (u32 i = 0; i < length; ++i)
 buffer[offset + i] = ips[cursor + 7];
@@ -565,6 +568,9 @@ void NCCHContainer::ApplyIPS(std::vector& ips, std::vector& buffer) {
 continue;
 }
+ if (buffer.size() < offset + length)
+ return;
+
 std::memcpy(&buffer[offset], &ips[cursor + 5], length);
 cursor += length + 5;
 }
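Review bot: Both new guards (in the RLE branch and before the `std::memcpy`) bound only the writes into `buffer`; the reads from `ips` on the same lines are still unchecked. `ips[cursor + 5]` through `ips[cursor + 7]` and the `length` bytes copied from `&ips[cursor + 5]` are driven by values taken from the patch data, so a truncated or malformed IPS file could read past the end of `ips` unless the loop condition, which lies outside these hunks, already excludes it. I would add the source-side counterparts: `if (ips.size() < cursor + 8) return;` before the RLE length is read, and `if (ips.size() < cursor + 5 + length) return;` before the copy. The bare `return` also leaves `buffer` partially patched with no trace, so a log line at both exits would make a rejected patch diagnosable.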