From 01a767cbfaa2dc6a4a1d3ab55140b299395a3813 Mon Sep 17 00:00:00 2001
From: CTCaer
Date: Fri, 17 Jan 2020 09:26:13 +0200
Subject: [PATCH] fss0: Fix heap corruption when sept is loaded from fss

---
 bootloader/hos/fss.c | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/bootloader/hos/fss.c b/bootloader/hos/fss.c
index 1685acb..d20c334 100644
--- a/bootloader/hos/fss.c
+++ b/bootloader/hos/fss.c
@@ -97,22 +97,22 @@ int parse_fss(launch_ctxt_t *ctxt, const char *path, fss0_sept_t *sept_ctxt)
 	bool stock = false;
 	int sept_used = 0;
 
-	LIST_FOREACH_ENTRY(ini_kv_t, kv, &ctxt->cfg->kvs, link)
+	if (!sept_ctxt)
 	{
-		if (!strcmp("stock", kv->key))
-			if (kv->val[0] == '1')
-				stock = true;
-	}
+		LIST_FOREACH_ENTRY(ini_kv_t, kv, &ctxt->cfg->kvs, link)
+		{
+			if (!strcmp("stock", kv->key))
+				if (kv->val[0] == '1')
+					stock = true;
+		}
 
-	if (!sept_ctxt && stock && ctxt->pkg1_id->kb <= KB_FIRMWARE_VERSION_620 && (!emu_cfg.enabled || h_cfg.emummc_force_disable))
-		return 1;
+		if (ctxt->pkg1_id->kb <= KB_FIRMWARE_VERSION_620 && (!emu_cfg.enabled || h_cfg.emummc_force_disable))
+			return 1;
+	}
 
 	if (f_open(&fp, path, FA_READ) != FR_OK)
 		return 0;
 
-	if (!sept_ctxt)
-		ctxt->atmosphere = true;
-
 	void *fss = malloc(f_size(&fp));
 	// Read header.
 	f_read(&fp, fss, 0x400, NULL);
@@ -128,6 +128,12 @@ int parse_fss(launch_ctxt_t *ctxt, const char *path, fss0_sept_t *sept_ctxt)
 		fss_meta->version >> 24, (fss_meta->version >> 16) & 0xFF, (fss_meta->version >> 8) & 0xFF, fss_meta->git_rev,
 		fss_meta->hos_ver >> 24, (fss_meta->hos_ver >> 16) & 0xFF, (fss_meta->hos_ver >> 8) & 0xFF);
 
+	if (!sept_ctxt)
+	{
+		ctxt->atmosphere = true;
+		ctxt->fss0_hosver = fss_meta->hos_ver;
+	}
+
 	fss_content_t *curr_fss_cnt = (fss_content_t *)(fss + fss_meta->cnt_off);
 	void *content;
 	for (u32 i = 0; i < fss_meta->cnt_count; i++)
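Review bot: The `stock` flag is still computed inside the new `if (!sept_ctxt)` block in the first hunk, but the early-return condition that follows no longer reads it: the removed line tested `!sept_ctxt && stock && ctxt->pkg1_id->kb <= KB_FIRMWARE_VERSION_620 && ...`, while the added line tests only `ctxt->pkg1_id->kb <= KB_FIRMWARE_VERSION_620 && (!emu_cfg.enabled || h_cfg.emummc_force_disable)`, so on those firmware versions without emuMMC every non-sept call returns 1 regardless of whether the `stock` key is set to `1`. Unless `stock` is consumed further down parse_fss (the function body continues past both hunks), this looks like the term was lost while the block was re-indented rather than an intended behaviour change; restoring it gives `if (stock && ctxt->pkg1_id->kb <= KB_FIRMWARE_VERSION_620 && (!emu_cfg.enabled || h_cfg.emummc_force_disable))`. If dropping `stock` was deliberate, the loop that sets it is now dead code and should go, and a one-line comment stating why the stock key no longer matters here would save the next reader the same question.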
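Review bot: The new block in the second hunk copies `fss_meta->hos_ver` into `ctxt->fss0_hosver` and flips `ctxt->atmosphere` only on the non-sept path, but nothing in the hunk says why these assignments had to move from before the allocation (first hunk) to after the header was parsed, which is the substance of the "heap corruption" fix named in the subject. A short comment above the block would make the ordering constraint explicit, e.g. `// Main FSS0 load only (not a sept lookup): record launch info after the header has been read.` The lines between the two hunks are not visible here, so whether `fss_meta` (read straight from the file) is validated, for example by a magic check, before `hos_ver` is trusted and stored cannot be confirmed from this diff; if that check exists, mentioning it in the same comment would help, and if it does not, the value should be validated before it is recorded in the launch context.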