From 4185c1e42298a8b88b2d7d1ab95af0404f05224c Mon Sep 17 00:00:00 2001
From: Fabian Schaffert
Date: Wed, 12 Nov 2014 23:25:27 +0100
Subject: [PATCH] Fixes segfault described in #794

Fixes bug in sys_semaphore_create() when a NULL pointer address is passed in sem or attr. Fixes bug in sys_semaphore_get_value() when a NULL pointer address is passed in count.

---
 rpcs3/Emu/SysCalls/lv2/sys_semaphore.cpp | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/rpcs3/Emu/SysCalls/lv2/sys_semaphore.cpp b/rpcs3/Emu/SysCalls/lv2/sys_semaphore.cpp
index c7dc32e5c3..e5fd7463b5 100644
--- a/rpcs3/Emu/SysCalls/lv2/sys_semaphore.cpp
+++ b/rpcs3/Emu/SysCalls/lv2/sys_semaphore.cpp
@@ -26,6 +26,16 @@ s32 sys_semaphore_create(vm::ptr sem, vm::ptr attr
 sys_semaphore.Warning("sys_semaphore_create(sem_addr=0x%x, attr_addr=0x%x, initial_count=%d, max_count=%d)", sem.addr(), attr.addr(), initial_count, max_count);
+ if (sem.addr() == NULL) {
+ sys_semaphore.Error("sys_semaphore_create(): invalid memory access (sem_addr=0x%x)", sem.addr());
+ return CELL_EFAULT;
+ }
+
+ if (attr.addr() == NULL) {
+ sys_semaphore.Error("sys_semaphore_create(): An invalid argument value is specified (attr_addr=0x%x)", attr.addr());
+ return CELL_EINVAL;
+ }
+
 if (max_count <= 0 || initial_count > max_count || initial_count < 0) {
 sys_semaphore.Error("sys_semaphore_create(): invalid parameters (initial_count=%d, max_count=%d)", initial_count, max_count);
@@ -204,6 +214,11 @@ s32 sys_semaphore_get_value(u32 sem_id, vm::ptr count) {
 sys_semaphore.Log("sys_semaphore_get_value(sem_id=%d, count_addr=0x%x)", sem_id, count.addr());
+ if (count.addr() == NULL) {
+ sys_semaphore.Error("sys_semaphore_get_value(): invalid memory access (count=0x%x)", count.addr());
+ return CELL_EFAULT;
+ }
+
 Semaphore* sem;
 if (!Emu.GetIdManager().GetIDData(sem_id, sem)) {
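Review bot: The new guards in sys_semaphore_create test `sem.addr() == NULL` and `attr.addr() == NULL`, but `addr()` appears to yield an integer guest address (the Warning line directly above formats it with `0x%x`), so this compares an integer with the null-pointer macro; a toolchain that defines `NULL` as `nullptr` rejects the comparison outright, and where it is `0` the expression misleadingly reads as a host-pointer test. Write the two checks as `if (!sem.addr())` and `if (!attr.addr())`. A zero address is also only one invalid guest pointer: guest code can hand this syscall any unmapped address and a sentinel compare does nothing for those, so if the vm layer offers a mapped-address check that is the validation the entry point should perform — the hunk does not show whether one exists. The enclosing function begins before the hunk (its signature is only visible in the `@@` context) and continues past its end.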
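Review bot: The error message added in the `count` guard of sys_semaphore_get_value labels the value `count=0x%x`, while the Log line immediately above it calls the same field `count_addr` and the create-path guard in this same commit uses `sem_addr`/`attr_addr`; use `(count_addr=0x%x)` so the two traces emitted for one call agree and can be grepped together. The guard condition has the same weakness as the create guards: `count.addr() == NULL` compares what the log line shows to be an integer address with the null-pointer macro, and should be `if (!count.addr())`. The enclosing function begins before the hunk and continues after the `GetIDData` lookup that closes it.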