web_browser: Add bounds checking to applet interface

2018-12-28 18:20:29 +07:00 · 2018-12-28 18:20:29 +07:00 · cb930c4b5a
parent ef4c4e239d
commit cb930c4b5a
10 changed files with 160 additions and 146 deletions
--- a/src/core/core.cpp
+++ b/src/core/core.cpp
@ -203,6 +203,11 @@ struct System::Impl {
        // Close app loader
        app_loader.reset();
        // Clear all applets
        profile_selector.reset();
        software_keyboard.reset();
        web_browser.reset();
        LOG_DEBUG(Core, "Shutdown OK");
    }
--- a/src/core/hle/service/am/applets/web_browser.cpp
+++ b/src/core/hle/service/am/applets/web_browser.cpp
@ -49,17 +49,20 @@ static_assert(sizeof(WebArgumentResult) == 0x1010, "WebArgumentResult has incorr
 static std::vector<u8> GetArgumentDataForTagType(const std::vector<u8>& data, u16 type) {
    WebBufferHeader header;
    ASSERT(sizeof(WebBufferHeader) <= data.size());
    std::memcpy(&header, data.data(), sizeof(WebBufferHeader));
    u64 offset = sizeof(WebBufferHeader);
    for (u16 i = 0; i < header.count; ++i) {
        WebArgumentHeader arg;
        ASSERT(offset + sizeof(WebArgumentHeader) <= data.size());
        std::memcpy(&arg, data.data() + offset, sizeof(WebArgumentHeader));
        offset += sizeof(WebArgumentHeader);
        if (arg.type == type) {
            std::vector<u8> out(arg.size);
            offset += arg.offset;
            ASSERT(offset + arg.size <= data.size());
            std::memcpy(out.data(), data.data() + offset, out.size());
            return out;
        }
@ -91,19 +94,17 @@ WebBrowser::WebBrowser() = default;
 WebBrowser::~WebBrowser() = default;
 void WebBrowser::Initialize() {
    Applet::Initialize();
    complete = false;
    temporary_dir.clear();
    filename.clear();
    status = RESULT_SUCCESS;
    Applet::Initialize();
    const auto web_arg_storage = broker.PopNormalDataToApplet();
    ASSERT(web_arg_storage != nullptr);
    const auto& web_arg = web_arg_storage->GetData();
    LOG_CRITICAL(Service_AM, "{}", Common::HexVectorToString(web_arg));
    const auto url_data = GetArgumentDataForTagType(web_arg, WEB_ARGUMENT_URL_TYPE);
    filename = Common::StringFromFixedZeroTerminatedBuffer(
        reinterpret_cast<const char*>(url_data.data()), url_data.size());
@ -133,7 +134,7 @@ ResultCode WebBrowser::GetStatus() const {
 }
 void WebBrowser::ExecuteInteractive() {
-    UNIMPLEMENTED_MSG(Service_AM, "Unexpected interactive data recieved!");
+    UNIMPLEMENTED_MSG("Unexpected interactive data recieved!");
 }
 void WebBrowser::Execute() {
@ -147,8 +148,7 @@ void WebBrowser::Execute() {
    const auto& frontend{Core::System::GetInstance().GetWebBrowser()};
-    frontend.OpenPage(
+    frontend.OpenPage(filename, [this] { UnpackRomFS(); }, [this] { Finalize(); });
        filename, [this] { UnpackRomFS(); }, [this] { Finalize(); });
 }
 void WebBrowser::UnpackRomFS() {
--- a/src/core/hle/service/hid/controllers/npad.cpp
+++ b/src/core/hle/service/hid/controllers/npad.cpp
@ -638,10 +638,8 @@ void Controller_NPad::ClearAllControllers() {
                  });
 }
-u32 Controller_NPad::GetPressState() {
+u32 Controller_NPad::GetAndResetPressState() {
-    const auto res = press_state;
+    return std::exchange(press_state, 0);
    press_state = 0;
    return res;
 }
 bool Controller_NPad::IsControllerSupported(NPadControllerType controller) const {
--- a/src/core/hle/service/hid/controllers/npad.h
+++ b/src/core/hle/service/hid/controllers/npad.h
@ -126,7 +126,7 @@ public:
    // Logical OR for all buttons presses on all controllers
    // Specifically for cheat engine and other features.
-    u32 GetPressState();
+    u32 GetAndResetPressState();
    static std::size_t NPadIdToIndex(u32 npad_id);
    static u32 IndexToNPad(std::size_t index);
--- a/src/core/hle/service/hid/hid.cpp
+++ b/src/core/hle/service/hid/hid.cpp
@ -136,6 +136,10 @@ private:
 };
 std::shared_ptr<IAppletResource> Hid::GetAppletResource() {
    if (applet_resource == nullptr) {
        applet_resource = std::make_shared<IAppletResource>();
    }
    return applet_resource;
 }
--- a/src/core/loader/nsp.h
+++ b/src/core/loader/nsp.h
@ -44,7 +44,6 @@ public:
    ResultStatus ReadIcon(std::vector<u8>& buffer) override;
    ResultStatus ReadTitle(std::string& title) override;
    ResultStatus ReadControlData(FileSys::NACP& nacp) override;
    ResultStatus ReadDeveloper(std::string& developer) override;
    ResultStatus ReadManualRomFS(FileSys::VirtualFile& file) override;
 private:
--- a/src/core/loader/xci.h
+++ b/src/core/loader/xci.h
@ -44,7 +44,6 @@ public:
    ResultStatus ReadIcon(std::vector<u8>& buffer) override;
    ResultStatus ReadTitle(std::string& title) override;
    ResultStatus ReadControlData(FileSys::NACP& control) override;
    ResultStatus ReadDeveloper(std::string& developer) override;
    ResultStatus ReadManualRomFS(FileSys::VirtualFile& file) override;
 private:
--- a/src/yuzu/applets/web_browser.cpp
+++ b/src/yuzu/applets/web_browser.cpp
@ -10,15 +10,17 @@
 #include "yuzu/applets/web_browser.h"
 #include "yuzu/main.h"
 #ifdef YUZU_USE_QT_WEB_ENGINE
 constexpr char NX_SHIM_INJECT_SCRIPT[] = R"(
    window.nx = {};
    window.nx.playReport = {};
    window.nx.playReport.setCounterSetIdentifier = function () {
-        console.log("nx.footer.setCounterSetIdentifier called - unimplemented");
+        console.log("nx.playReport.setCounterSetIdentifier called - unimplemented");
    };
    window.nx.playReport.incrementCounter = function () {
-        console.log("nx.footer.incrementCounter called - unimplemented");
+        console.log("nx.playReport.incrementCounter called - unimplemented");
    };
    window.nx.footer = {};
@ -56,6 +58,12 @@ constexpr char NX_SHIM_INJECT_SCRIPT[] = R"(
    };
 )";
 QString GetNXShimInjectionScript() {
    return QString::fromStdString(NX_SHIM_INJECT_SCRIPT);
 }
 NXInputWebEngineView::NXInputWebEngineView(QWidget* parent) : QWebEngineView(parent) {}
 void NXInputWebEngineView::keyPressEvent(QKeyEvent* event) {
    parent()->event(event);
 }
@ -64,11 +72,7 @@ void NXInputWebEngineView::keyReleaseEvent(QKeyEvent* event) {
    parent()->event(event);
 }
-QString GetNXShimInjectionScript() {
+#endif
    return QString::fromStdString(NX_SHIM_INJECT_SCRIPT);
 }
 NXInputWebEngineView::NXInputWebEngineView(QWidget* parent) : QWebEngineView(parent) {}
 QtWebBrowser::QtWebBrowser(GMainWindow& main_window) {
    connect(this, &QtWebBrowser::MainWindowOpenPage, &main_window, &GMainWindow::WebBrowserOpenPage,
--- a/src/yuzu/applets/web_browser.h
+++ b/src/yuzu/applets/web_browser.h
@ -6,22 +6,30 @@
 #include <functional>
 #include <QObject>
 #ifdef YUZU_USE_QT_WEB_ENGINE
 #include <QWebEngineView>
 #endif
 #include "core/frontend/applets/web_browser.h"
 class GMainWindow;
 #ifdef YUZU_USE_QT_WEB_ENGINE
 QString GetNXShimInjectionScript();
 class NXInputWebEngineView : public QWebEngineView {
 public:
-    NXInputWebEngineView(QWidget* parent = nullptr);
+    explicit NXInputWebEngineView(QWidget* parent = nullptr);
 protected:
    void keyPressEvent(QKeyEvent* event) override;
    void keyReleaseEvent(QKeyEvent* event) override;
 };
 #endif
 class QtWebBrowser final : public QObject, public Core::Frontend::WebBrowserApplet {
    Q_OBJECT
--- a/src/yuzu/main.h
+++ b/src/yuzu/main.h
@ -13,6 +13,7 @@
 #include "common/common_types.h"
 #include "core/core.h"
 #include "core/hle/service/acc/profile_manager.h"
 #include "ui_main.h"
 #include "yuzu/compatibility_list.h"
 #include "yuzu/hotkeys.h"
@ -39,10 +40,6 @@ class RegisteredCacheUnion;
 class VfsFilesystem;
 } // namespace FileSys
 namespace Service::Account {
 struct UUID;
 } // namespace Service::Account
 namespace Tegra {
 class DebugContext;
 }