Fixed invalid element access in CHcaData

hozuki · Feb 21, 2019 · 0494231 · 0494231
1 parent 205969b
commit 0494231
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 7 deletions.
diff --git a/src/lib/kawashima/hca/CHcaDecoder.cpp b/src/lib/kawashima/hca/CHcaDecoder.cpp
@@ -252,7 +252,7 @@ CGSS_NS_BEGIN
         // Decrypt block if needed.
         _cipher->Decrypt(hcaBlockBuffer, hcaInfo.blockSize);
 
-        CHcaData data(hcaBlockBuffer, hcaInfo.blockSize);
+        CHcaData data(hcaBlockBuffer, hcaInfo.blockSize, hcaInfo.blockSize);
 
         const auto magic = data.GetBit(16);
         if (magic != 0xffff) {

diff --git a/src/lib/kawashima/hca/internal/CHcaData.cpp b/src/lib/kawashima/hca/internal/CHcaData.cpp
@@ -2,24 +2,27 @@
 
 CGSS_NS_BEGIN
 
-    CHcaData::CHcaData(uint8_t *data, uint32_t size) {
+    CHcaData::CHcaData(uint8_t *data, uint32_t dataSize, uint32_t size) {
         _data = data;
+        _dataSize = dataSize;
         _size = size * 8 - 16;
         _bit = 0;
     }
 
     int32_t CHcaData::CheckBit(int32_t bitSize) {
+#define SAFE_ACCESS(array, length, index) ((0 <= (index) && (index) < (length)) ? (array)[(index)] : 0)
         int32_t v = 0;
         if (_bit + bitSize <= _size) {
             static int32_t mask[] = {0xFFFFFF, 0x7FFFFF, 0x3FFFFF, 0x1FFFFF, 0x0FFFFF, 0x07FFFF, 0x03FFFF, 0x01FFFF};
-            uint8_t *data = &_data[_bit >> 3];
-            v = data[0];
-            v = (v << 8) | data[1];
-            v = (v << 8) | data[2];
+            int32_t i = _bit >> 3;
+            v = SAFE_ACCESS(_data, _dataSize, i);
+            v = (v << 8) | SAFE_ACCESS(_data, _dataSize, i + 1);
+            v = (v << 8) | SAFE_ACCESS(_data, _dataSize, i + 2);
             v &= mask[_bit & 7];
             v >>= 24 - (_bit & 7) - bitSize;
         }
         return v;
+#undef SAFE_ACCESS
     }
 
     int32_t CHcaData::GetBit(int32_t bitSize) {

diff --git a/src/lib/kawashima/hca/internal/CHcaData.h b/src/lib/kawashima/hca/internal/CHcaData.h
@@ -8,7 +8,7 @@ CGSS_NS_BEGIN
 
     public:
 
-        CHcaData(uint8_t *data, uint32_t size);
+        CHcaData(uint8_t *data, uint32_t dataSize, uint32_t size);
 
         CHcaData(CHcaData &) = default;
 
@@ -21,6 +21,7 @@ CGSS_NS_BEGIN
     private:
 
         uint8_t *_data;
+        uint32_t _dataSize;
         int32_t _size;
         int32_t _bit;