svc: Add missing sanitizing checks for MapSharedMemory/UnmapSharedMemory

Now that the changes clarifying the address spaces has been merged, we can wrap the checks that the kernel performs when mapping shared memory (and other forms of memory) into its own helper function and then use those within MapSharedMemory and UnmapSharedMemory to complete the sanitizing checks that are supposed to be done.
author: Lioncash <mathew1800@gmail.com> 2018-10-17 22:39:21 -0400
committer: Lioncash <mathew1800@gmail.com> 2018-10-18 02:01:21 -0400
commit: 33830aa65ac58a03a91de9ac4fc8d91fe28f6d4e (patch)
tree: 54ec4efc8021d87b2d5110c9aa047d5a8f5d3fe0 /src/core/hle/kernel/svc.cpp
parent: 7dee60d7d24dabcc2c52c8c2135f1c89adb57ff6 (diff)
1 files changed, 27 insertions, 3 deletions
diff --git a/src/core/hle/kernel/svc.cpp b/src/core/hle/kernel/svc.cpp
index d08b84bde7..d3971a25ee 100644
--- a/src/core/hle/kernel/svc.cpp
+++ b/src/core/hle/kernel/svc.cpp
@@ -578,6 +578,10 @@ static ResultCode MapSharedMemory(Handle shared_memory_handle, VAddr addr, u64 s
         return ERR_INVALID_SIZE;
     }
 
+    if (!IsValidAddressRange(addr, size)) {
+        return ERR_INVALID_ADDRESS_STATE;
+    }
+
     const auto permissions_type = static_cast<MemoryPermission>(permissions);
     if (permissions_type != MemoryPermission::Read &&
         permissions_type != MemoryPermission::ReadWrite) {
@@ -591,8 +595,14 @@ static ResultCode MapSharedMemory(Handle shared_memory_handle, VAddr addr, u64 s
         return ERR_INVALID_HANDLE;
     }
 
-    return shared_memory->Map(Core::CurrentProcess(), addr, permissions_type,
-                              MemoryPermission::DontCare);
+    auto* const current_process = Core::CurrentProcess();
+    const auto& vm_manager = current_process->VMManager();
+
+    if (!vm_manager.IsWithinASLRRegion(addr, size)) {
+        return ERR_INVALID_MEMORY_RANGE;
+    }
+
+    return shared_memory->Map(current_process, addr, permissions_type, MemoryPermission::DontCare);
 }
 
 static ResultCode UnmapSharedMemory(Handle shared_memory_handle, VAddr addr, u64 size) {
@@ -607,10 +617,24 @@ static ResultCode UnmapSharedMemory(Handle shared_memory_handle, VAddr addr, u64
         return ERR_INVALID_SIZE;
     }
 
+    if (!IsValidAddressRange(addr, size)) {
+        return ERR_INVALID_ADDRESS_STATE;
+    }
+
     auto& kernel = Core::System::GetInstance().Kernel();
     auto shared_memory = kernel.HandleTable().Get<SharedMemory>(shared_memory_handle);
+    if (!shared_memory) {
+        return ERR_INVALID_HANDLE;
+    }
+
+    auto* const current_process = Core::CurrentProcess();
+    const auto& vm_manager = current_process->VMManager();
+
+    if (!vm_manager.IsWithinASLRRegion(addr, size)) {
+        return ERR_INVALID_MEMORY_RANGE;
+    }
 
-    return shared_memory->Unmap(Core::CurrentProcess(), addr);
+    return shared_memory->Unmap(current_process, addr);
 }
 
 /// Query process memory
author	Lioncash <mathew1800@gmail.com>	2018-10-17 22:39:21 -0400
committer	Lioncash <mathew1800@gmail.com>	2018-10-18 02:01:21 -0400
commit	33830aa65ac58a03a91de9ac4fc8d91fe28f6d4e (patch)
tree	54ec4efc8021d87b2d5110c9aa047d5a8f5d3fe0 /src/core/hle/kernel/svc.cpp
parent	7dee60d7d24dabcc2c52c8c2135f1c89adb57ff6 (diff)