From 5b5bdb1bd1b6cce5f0a57fc3d6531fc26d31cde7 Mon Sep 17 00:00:00 2001
From: yellows8
Date: Mon, 16 Mar 2015 20:59:59 -0400
Subject: [PATCH 1/6] Fixed security failure /w alignment in MemPool::Allocate().
---
 libctru/source/allocator/mem_pool.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libctru/source/allocator/mem_pool.cpp b/libctru/source/allocator/mem_pool.cpp
index a2c312d..13063ef 100644
--- a/libctru/source/allocator/mem_pool.cpp
+++ b/libctru/source/allocator/mem_pool.cpp
@@ -33,7 +33,11 @@ void MemPool::CoalesceRight(MemBlock* b)
 bool MemPool::Allocate(MemChunk& chunk, u32 size, int align)
 {
 int alignM = (1 << align) - 1;
- size = (size + alignM) &~ alignM; // Round the size
+ u32 newsize;
+ newsize = (size + alignM) &~ alignM; // Round the size
+ if(newsize < size)return false;//Return error when integer-overflow occurs due to aligning the size.
+ size = newsize;
+
 // Find the first suitable block
 for (auto b = first; b; b = b->next)
 {
From 653f126065d17636eeb9b52da7fef3bd9bb85030 Mon Sep 17 00:00:00 2001
From: Dave Murphy
Date: Tue, 17 Mar 2015 10:42:51 +0000
Subject: [PATCH 2/6] use python3
---
 examples/gpu/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/gpu/Makefile b/examples/gpu/Makefile
index ee6b6e4..19c9ac9 100644
--- a/examples/gpu/Makefile
+++ b/examples/gpu/Makefile
@@ -161,7 +161,7 @@ $(OUTPUT).elf : $(OFILES)
 %_vsh.h %.vsh.o : %.vsh
 #---------------------------------------------------------------------------------
 @echo $(notdir $<)
- @python $(AEMSTRO)/aemstro_as.py $< ../$(notdir $<).shbin
+ @python3 $(AEMSTRO)/aemstro_as.py $< ../$(notdir $<).shbin
 @bin2s ../$(notdir $<).shbin | $(PREFIX)as -o $@
 @echo "extern const u8" `(echo $(notdir $<).shbin | sed -e 's/^\([0-9]\)/_\1/' | tr . _)`"_end[];" > `(echo $(notdir $<).shbin | tr . _)`.h
 @echo "extern const u8" `(echo $(notdir $<).shbin | sed -e 's/^\([0-9]\)/_\1/' | tr . _)`"[];" >> `(echo $(notdir $<).shbin | tr . _)`.h
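Review bot: The overflow check added to MemPool::Allocate() in PATCH 1/6 covers only the size rounding: `align` is still unvalidated when `(1 << align) - 1` is evaluated on the context line above it, so an out-of-range exponent produces an undefined mask before `newsize < size` is ever tested. PATCH 5/6 and 6/6 later in this series add the range check and a guard on `b->size - begWaste`, so anyone backporting the fix should take all three commits rather than this one alone. On style, `u32 newsize = (size + alignM) &~ alignM;` would declare and initialise in one statement. The function body continues outside the hunk.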
From 426258a7f7f2a0667fa9b2e4526f7f853f1e295f Mon Sep 17 00:00:00 2001
From: Dave Murphy
Date: Tue, 17 Mar 2015 10:43:52 +0000
Subject: [PATCH 3/6] exclude 3dsx files in bin directory
---
 examples/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/Makefile b/examples/Makefile
index 756d82d..444e135 100644
--- a/examples/Makefile
+++ b/examples/Makefile
@@ -7,7 +7,7 @@ all: examples
 #---------------------------------------------------------------------------------
 @rm -fr bin
 @mkdir -p bin
- @find . -name "*.3dsx" -exec cp -fv {} bin \;
+ @find . -name "*.3dsx" ! -path "./bin/*" -exec cp -fv {} bin \;
 examples:
 @for i in $(SUBDIRS); do if test -e $$i/Makefile ; then $(MAKE) -C $$i || { exit 1;} fi; done;
From 7a71787670255f68e96bb37d8f7ac786a1405eef Mon Sep 17 00:00:00 2001
From: Dave Murphy
Date: Tue, 17 Mar 2015 10:48:53 +0000
Subject: [PATCH 4/6] include data folder in source release, 0.5.0 is next release
---
 libctru/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libctru/Makefile b/libctru/Makefile
index 966c20c..67b189e 100644
--- a/libctru/Makefile
+++ b/libctru/Makefile
@@ -9,8 +9,8 @@ endif
 include $(DEVKITARM)/base_rules
 export LIBCTRU_MAJOR := 0
-export LIBCTRU_MINOR := 4
-export LIBCTRU_PATCH := 1
+export LIBCTRU_MINOR := 5
+export LIBCTRU_PATCH := 0
 VERSION := $(LIBCTRU_MAJOR).$(LIBCTRU_MINOR).$(LIBCTRU_PATCH)
@@ -107,7 +107,7 @@ dist-bin: all
 @tar -cjf libctru-$(VERSION).tar.bz2 include lib default_icon.png
 dist-src:
- @tar -cjf libctru-src-$(VERSION).tar.bz2 include source Makefile Doxyfile Doxyfile.internal default_icon.png
+ @tar -cjf libctru-src-$(VERSION).tar.bz2 include source data Makefile Doxyfile Doxyfile.internal default_icon.png
 dist: dist-src dist-bin
From b30f553dd020702a678cec2a49d32c101800d8b6 Mon Sep 17 00:00:00 2001
From: mtheall
Date: Tue, 17 Mar 2015 13:49:47 -0500
Subject: [PATCH 5/6] Stricter checks in MemPool::Allocate().
---
 libctru/source/allocator/mem_pool.cpp | 29 ++++++++++++++++++++-------
 1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/libctru/source/allocator/mem_pool.cpp b/libctru/source/allocator/mem_pool.cpp
index 13063ef..1490a14 100644
--- a/libctru/source/allocator/mem_pool.cpp
+++ b/libctru/source/allocator/mem_pool.cpp
@@ -32,18 +32,33 @@ void MemPool::CoalesceRight(MemBlock* b)
 bool MemPool::Allocate(MemChunk& chunk, u32 size, int align)
 {
- int alignM = (1 << align) - 1;
- u32 newsize;
- newsize = (size + alignM) &~ alignM; // Round the size
- if(newsize < size)return false;//Return error when integer-overflow occurs due to aligning the size.
- size = newsize;
+ // Don't shift out of bounds (CERT INT34-C)
+ if(align >= 32 || align < 0)
+ return false;
+
+ // Alignment must not be 0
+ if(align == 0)
+ return false;
+
+ u32 alignMask = (1 << align) - 1;
+
+ // Check if size doesn't fit neatly in alignment
+ if(size & alignMask)
+ {
+ // Make sure addition won't overflow (CERT INT30-C)
+ if(size > UINT32_MAX - alignMask)
+ return false;
+
+ // Pad size to next alignment
+ size = (size + alignMask) &~ alignMask;
+ }
 // Find the first suitable block
 for (auto b = first; b; b = b->next)
 {
 auto addr = b->base;
- u32 begWaste = (u32)addr & alignM;
- if (begWaste > 0) begWaste = alignM + 1 - begWaste;
+ u32 begWaste = (u32)addr & alignMask;
+ if (begWaste > 0) begWaste = alignMask + 1 - begWaste;
 addr += begWaste;
 u32 bSize = b->size - begWaste;
 if (bSize < size) continue;
From d22d0a9345532e56b1fbb08d39b9ec60371154f7 Mon Sep 17 00:00:00 2001
From: smea
Date: Thu, 19 Mar 2015 12:29:47 -0700
Subject: [PATCH 6/6] fix bug when alignment value too big
---
 libctru/source/allocator/mem_pool.cpp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/libctru/source/allocator/mem_pool.cpp b/libctru/source/allocator/mem_pool.cpp
index 1490a14..7482cc6 100644
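Review bot: The range guard added in PATCH 5/6 lets `align == 31` through, but the mask is still computed from a signed literal: `(1 << align) - 1` shifts into the sign bit of `int` and then subtracts 1 from that value, which overflows before the result is converted to `u32`. Making the literal unsigned keeps the guard and the expression in agreement: `u32 alignMask = (1u << align) - 1;`. Separately, `align` is used as a shift count here, so `align == 0` would mean byte alignment and yields a zero mask that the rest of the code handles; rejecting it looks like a behaviour change for any caller that passes 0, which is worth confirming against the callers (not visible in this hunk). The loop body continues outside the hunk.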
--- a/libctru/source/allocator/mem_pool.cpp
+++ b/libctru/source/allocator/mem_pool.cpp
@@ -59,6 +59,7 @@ bool MemPool::Allocate(MemChunk& chunk, u32 size, int align)
 auto addr = b->base;
 u32 begWaste = (u32)addr & alignMask;
 if (begWaste > 0) begWaste = alignMask + 1 - begWaste;
+ if (begWaste > b->size) continue;
 addr += begWaste;
 u32 bSize = b->size - begWaste;
 if (bSize < size) continue;
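Review bot: The added guard `if (begWaste > b->size) continue;` carries no comment, and the subject line does not say what goes wrong without it. From the context lines, the case it covers is `u32 bSize = b->size - begWaste;` wrapping to a large value when the alignment padding exceeds the block, after which `bSize < size` would accept a block that is too small. A comment such as `// Padding larger than the block: b->size - begWaste would wrap, so skip it` would stop the check from being removed later as redundant. The enclosing loop starts and ends outside the hunk.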