authorLioncash <mathew1800@gmail.com>2018-09-13 19:09:04 -0400
committerLioncash <mathew1800@gmail.com>2018-09-13 21:34:48 -0400
commit7bd2faad9a41a04d81e5b33d454ca01d9eb650e0 (patch)
tree79e5e5b17f95e21eef659d9ca9d2f7638d418c97 /src/core/hle/kernel/svc.cpp
parent8e7497d5bb17b7e322d191cd103479972bcdb39b (diff)
kernel/svc: Sanitize heap sizes within svcSetHeapSize()
The kernel checks that the given size is a multiple of 2MB and less than or equal to 4GB before going ahead and attempting to allocate that much memory.
Diffstat (limited to 'src/core/hle/kernel/svc.cpp')
-rw-r--r--src/core/hle/kernel/svc.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/core/hle/kernel/svc.cpp b/src/core/hle/kernel/svc.cpp
index f500fd2e71..a3d169e469 100644
--- a/src/core/hle/kernel/svc.cpp
+++ b/src/core/hle/kernel/svc.cpp
@@ -39,6 +39,12 @@ namespace Kernel {
/// Set the process heap to a given Size. It can both extend and shrink the heap.
static ResultCode SetHeapSize(VAddr* heap_addr, u64 heap_size) {
LOG_TRACE(Kernel_SVC, "called, heap_size=0x{:X}", heap_size);
+
+ // Size must be a multiple of 0x200000 (2MB) and be equal to or less than 4GB.
+ if ((heap_size & 0xFFFFFFFE001FFFFF) != 0) {
+ return ERR_INVALID_SIZE;
+ }
+
auto& process = *Core::CurrentProcess();
CASCADE_RESULT(*heap_addr,
process.HeapAllocate(Memory::HEAP_VADDR, heap_size, VMAPermission::ReadWrite));
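Review bot: The mask in `if ((heap_size & 0xFFFFFFFE001FFFFF) != 0)` does not test bit 32, so any 2MB-aligned size up to 0x1FFE00000 (just under 8GB) passes, while the comment above it and the commit description give the limit as 4GB. Since heap_size comes from the guest and goes straight into `process.HeapAllocate(...)`, the accepted range should be unambiguous. If 4GB inclusive is what is intended, the bound is easier to audit written out as `if ((heap_size & 0x1FFFFF) != 0 || heap_size > 0x100000000) {`. If the mask is the value being matched, the comment should instead say "less than 8GB". The body of SetHeapSize continues past the end of this hunk.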