FIX: Uninitialized and unaligned reads in LinkWirelessOpenSDK

Rodrigo Alfonso 2025-01-11 21:43:29 -03:00
parent 0990e424eb
commit 1bf1edda0f
2 changed files with 8 additions and 5 deletions


@ -613,6 +613,7 @@ enum CommState : unsigned int {
- Transfers can contain more than one packet.
- As the maximum transfer lengths are `87` (server) and `16` (client), based on header sizes, the maximum payload lengths are `84` and `14`.
- The `targetSlots` field inside the server header is a bit array that indicates which clients the message is directed to. E.g. `0b0100` means 'client 2 only' and `0b1111` means 'all clients'.
- In `ServerSDKHeader` and `ClientSDKHeader`, all the non-documented bits (including `_unused_`) should be `0`. Otherwise, the official SDK might not respond!
### (1) Client handshake


@ -36,8 +36,8 @@ class LinkWirelessOpenSDK {
static constexpr int MAX_TRANSFER_BYTES_CLIENT = 16;
static constexpr int HEADER_SIZE_SERVER = 3;
static constexpr int HEADER_SIZE_CLIENT = 2;
static constexpr int HEADER_MASK_SERVER = (1 << (HEADER_SIZE_SERVER * 8)) - 1;
static constexpr int HEADER_MASK_CLIENT = (1 << (HEADER_SIZE_CLIENT * 8)) - 1;
static constexpr int HEADER_MASK_SERVER = 0b1111111111111111111111;
static constexpr int HEADER_MASK_CLIENT = 0b11111111111111;
static constexpr int MAX_PAYLOAD_SERVER =
MAX_TRANSFER_BYTES_SERVER - HEADER_SIZE_SERVER;
static constexpr int MAX_PAYLOAD_CLIENT =
@ -161,7 +161,7 @@ class LinkWirelessOpenSDK {
ClientPacket* packet =
&clientResponse->packets[clientResponse->packetsSize];
u32 headerInt = *((u16*)(buffer + cursor));
u32 headerInt = (buffer[cursor + 1] << 8) | buffer[cursor];
packet->header = parseClientHeader(headerInt);
cursor += HEADER_SIZE_CLIENT;
remainingBytes -= HEADER_SIZE_CLIENT;
@ -202,8 +202,8 @@ class LinkWirelessOpenSDK {
ServerPacket* packet =
&serverResponse->packets[serverResponse->packetsSize];
u32 headerInt = (*((u16*)(buffer + cursor))) |
(((*((u8*)(buffer + cursor + 2)))) << 16);
u32 headerInt = (buffer[cursor + 2] << 16) | (buffer[cursor + 1] << 8) |
buffer[cursor];
packet->header = parseServerHeader(headerInt);
cursor += HEADER_SIZE_SERVER;
remainingBytes -= HEADER_SIZE_SERVER;
@ -253,6 +253,7 @@ class LinkWirelessOpenSDK {
buffer.header.n = sequence.n;
buffer.header.phase = sequence.phase;
buffer.header.commState = sequence.commState;
buffer.header._unused_ = 0;
u32 headerInt = serializeServerHeader(buffer.header);
buffer.data[buffer.dataSize++] = headerInt;
@ -375,6 +376,7 @@ class LinkWirelessOpenSDK {
serverHeader.n = clientHeader.n;
serverHeader.phase = clientHeader.phase;
serverHeader.commState = clientHeader.commState;
serverHeader._unused_ = 0;
return serverHeader;
}
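Review bot: The byte assembly in the @161 hunk, `u32 headerInt = (buffer[cursor + 1] << 8) | buffer[cursor];`, and the three-byte form in the @202 hunk only produce the intended value if `buffer` has an unsigned element type; with a signed `char` element, any byte at or above 0x80 is promoted to a negative int and its sign extension is OR-ed into the upper bits before parseClientHeader/parseServerHeader ever see it. The element type is declared outside both hunks, so this only bites if it is not u8, but masking each operand makes the expression independent of that declaration: `u32 headerInt = ((buffer[cursor + 1] & 0xFF) << 8) | (buffer[cursor] & 0xFF);`, and likewise for the three operands in the @202 hunk. Neither hunk shows a check that remainingBytes still covers HEADER_SIZE_CLIENT or HEADER_SIZE_SERVER before the header bytes are read from a buffer filled by the remote side; if that guard lives above the hunk, a short comment next to the read naming it would save the next reader the search. Both enclosing functions start outside their hunks.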