From 324a3624ac66a30e2204edcc242d7a09500d198c Mon Sep 17 00:00:00 2001
From: fincs
Date: Thu, 21 Nov 2019 16:27:36 +0100
Subject: [PATCH] new-ipc: Introduce serviceCreateNonDomainSubservice in order to avoid calling cmifQueryPointerBufferSize during response parsing and corrupting output data as a result [bug found by @SciresM]
---
 nx/include/switch/sf/service.h | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/nx/include/switch/sf/service.h b/nx/include/switch/sf/service.h
index 55e268e8..f3f5258e 100644
--- a/nx/include/switch/sf/service.h
+++ b/nx/include/switch/sf/service.h
@@ -142,6 +142,20 @@ NX_INLINE void serviceCreate(Service* s, Handle h)
 cmifQueryPointerBufferSize(h, &s->pointer_buffer_size);
 }
+/**
+ * @brief Creates a non-domain subservice object from a parent service.
+ * @param[out] s Service object.
+ * @param[in] parent Parent service.
+ * @param[in] h IPC session handle for this subservice.
+ */
+NX_INLINE void serviceCreateNonDomainSubservice(Service* s, Service* parent, Handle h)
+{
+ s->session = h;
+ s->own_handle = 1;
+ s->object_id = 0;
+ s->pointer_buffer_size = parent->pointer_buffer_size;
+}
+
 /**
 * @brief Creates a domain subservice object from a parent service.
 * @param[out] s Service object.
@@ -397,7 +411,7 @@ NX_INLINE Result serviceParseResponse(
 if (is_domain)
 serviceCreateDomainSubservice(&out_objects[i], s, cmifResponseGetObject(&res));
 else // Output objects are marshalled as move handles at the beginning of the list.
- serviceCreate(&out_objects[i], cmifResponseGetMoveHandle(&res));
+ serviceCreateNonDomainSubservice(&out_objects[i], s, cmifResponseGetMoveHandle(&res));
 }
 _serviceResponseGetHandle(&res, out_handle_attrs.attr0, &out_handles[0]);
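Review bot: The doc comment on serviceCreateNonDomainSubservice does not say that `pointer_buffer_size` is copied from `parent` instead of being queried on `h`, which per the commit subject is the reason this function exists. I would add `@note Does not issue any IPC request; pointer_buffer_size is inherited from the parent, so this is safe to call while a response is still being parsed.` and state the assumption that the subservice session really has the same pointer buffer size as its parent, since nothing visible in the hunk checks that. The function also sets `own_handle = 1`, so the comment could say that `s` takes ownership of `h`. As a style point, `parent` is only read, so `const Service* parent` would make that explicit.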
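Review bot: Nothing at the changed call in serviceParseResponse records why `serviceCreate` must not be used in the `else` branch, so a later cleanup could put it back and reintroduce the output corruption described in the commit subject. A short comment next to the existing one on the `else` line would be enough, for example `// Must not issue IPC here: the response in res is still being parsed.` That `res` refers to a buffer which a nested IPC request would overwrite is inferred from the commit subject and is not visible in the hunk. The body of serviceParseResponse starts and ends outside the hunk, so other calls inside it that might issue IPC could not be checked.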