libstrat: fix potential oob deref in WaitableManager (closes #256)

This commit is contained in:
Michael Scire 2018-11-07 19:09:58 -08:00
parent 2894989eb7
commit bac81f4ccc

View File

@ -212,10 +212,9 @@ class WaitableManager : public SessionManagerBase {
/* Wait forever. */ /* Wait forever. */
rc = svcWaitSynchronization(&handle_index, handles.data(), num_handles, U64_MAX); rc = svcWaitSynchronization(&handle_index, handles.data(), num_handles, U64_MAX);
if (R_SUCCEEDED(rc)) {
IWaitable *w = wait_list[handle_index]; IWaitable *w = wait_list[handle_index];
size_t w_ind = std::distance(this->waitables.begin(), std::find(this->waitables.begin(), this->waitables.end(), w)); size_t w_ind = std::distance(this->waitables.begin(), std::find(this->waitables.begin(), this->waitables.end(), w));
if (R_SUCCEEDED(rc)) {
std::for_each(waitables.begin(), waitables.begin() + w_ind, std::mem_fn(&IWaitable::UpdatePriority)); std::for_each(waitables.begin(), waitables.begin() + w_ind, std::mem_fn(&IWaitable::UpdatePriority));
result = w; result = w;
} else if (rc == 0xEA01) { } else if (rc == 0xEA01) {
@ -233,6 +232,8 @@ class WaitableManager : public SessionManagerBase {
} else if (rc != 0xF601 && rc != 0xE401) { } else if (rc != 0xF601 && rc != 0xE401) {
std::abort(); std::abort();
} else { } else {
IWaitable *w = wait_list[handle_index];
size_t w_ind = std::distance(this->waitables.begin(), std::find(this->waitables.begin(), this->waitables.end(), w));
this->waitables.erase(this->waitables.begin() + w_ind); this->waitables.erase(this->waitables.begin() + w_ind);
std::for_each(waitables.begin(), waitables.begin() + w_ind - 1, std::mem_fn(&IWaitable::UpdatePriority)); std::for_each(waitables.begin(), waitables.begin() + w_ind - 1, std::mem_fn(&IWaitable::UpdatePriority));
delete w; delete w;