*ash class: slightly better error handling & memory management. should help fix/avoid some issues with buffer overflowing using the hardcoded buffer size from crediar's original code

2024-06-24 11:26:10 +02:00 · 2011-01-29 08:44:22 +00:00 · 2011-01-29 08:44:22 +00:00 · c96add47e3
commit c96add47e3
parent 506aa591e5
3 changed files with 873 additions and 851 deletions
--- a/WiiQt/ash.cpp
+++ b/WiiQt/ash.cpp
@ -1,4 +1,8 @@
 #include "ash.h"
+
+//this is large enough for all the system menu ash0 files, and thats all i need it for
+#define BUFFER_SIZE 0x600000
+
 bool IsAshCompressed( const QByteArray ba )
 {
    return ba.startsWith( "ASH" );
@ -6,6 +10,7 @@ bool IsAshCompressed( const QByteArray ba )

 QByteArray DecryptAsh( const QByteArray ba )
 {
+    //qDebug() << "DecryptAsh()";
    if( !IsAshCompressed( ba ) )
    {
        qWarning() << "DecryptAsh -> wrong magic";
@ -16,7 +21,7 @@ QByteArray DecryptAsh( const QByteArray ba )
    quint32 t;

    quint64 memAddr = (quint64)( ba.data() );//in
-    r[4] = 0x80000000;
+    r[4] = 0x8000000;
    qint64 inDiff = memAddr - r[ 4 ];//difference in r[ 4 ] and the real address.  hack to support higher memory addresses than crediar's version

    r[5] = 0x415348;
@ -29,14 +34,25 @@ QByteArray DecryptAsh( const QByteArray ba )

    quint32 size = r[5];
    //qDebug() << "Decompressed size:" << hex << size;
+    if( size > BUFFER_SIZE )
+    {
+        qWarning() << "DecryptAsh(): this file was built with a buffer to small to deal with this archive.  Build it with a bigger one and try again."
+                << hex << size << ">" << BUFFER_SIZE;
+        return QByteArray();
+    }

-    char crap2[ size ];
-    quint64 memAddr2 = (quint64)( crap2 );//outbuf
-    r[3] = 0x90000000;
+    QByteArray crap2( size, '\0' );
+    if( (quint32)crap2.size() != size )
+    {
+        qWarning() << "DecryptAsh(): out of memory 1";
+        return QByteArray();
+    }
+    //char crap2[ size ];
+    quint64 memAddr2 = (quint64)( crap2.data() );//outbuf
+    r[3] = 0x9000000;
    qint64 outDiff = memAddr2 - r[ 3 ];//difference in r[ 3 ] and the real address

    quint32 o = r[ 3 ];
-    memset( (void*)( r[ 3 ] + outDiff ), 0, size );

    r[24] = 0x10;
    r[28] = qFromBigEndian(*(quint32 *)(r[4]+8 + inDiff));
@ -48,12 +64,18 @@ QByteArray DecryptAsh( const QByteArray ba )
    //r[8] = 0x8108<<16;
    //HACK, pointer to RAM

-    char crap3[ 0x100000 ];
-    quint64 memAddr3 = (quint64)( crap3 );//outbuf
+    QByteArray crap3( BUFFER_SIZE, '\0' );
+    if( crap3.size() != BUFFER_SIZE )
+    {
+        qWarning() << "DecryptAsh(): out of memory 1";
+        return QByteArray();
+    }
+
+    //char crap3[ 0x100000 ];
+    quint64 memAddr3 = (quint64)( crap3.data() );//outbuf
    r[8] = 0x84000000;
    qint64 outDiff2 = memAddr3 - r[ 8 ];//difference in r[ 3 ] and the real address
    memset( (void*)( r[8] + outDiff2 ), 0, 0x100000 );
-
    r[8] = r[8];
    r[9] = r[8] + 0x07FE;
    r[10] = r[9] + 0x07FE;