From 297b790e4f14be284df39d5ac67e59527df41e29 Mon Sep 17 00:00:00 2001
From: JosJuice
Date: Mon, 13 Jan 2020 22:08:44 +0100
Subject: [PATCH] DiscIO: Add out of bounds checks for blob reading
---
 Source/Core/DiscIO/Blob.cpp | 3 +++
 Source/Core/DiscIO/CISOBlob.cpp | 3 +++
 Source/Core/DiscIO/DirectoryBlob.cpp | 6 ++++++
 Source/Core/DiscIO/WbfsBlob.cpp | 3 +++
 4 files changed, 15 insertions(+)
diff --git a/Source/Core/DiscIO/Blob.cpp b/Source/Core/DiscIO/Blob.cpp
index a53c908eaf..20fe23e9ca 100644
--- a/Source/Core/DiscIO/Blob.cpp
+++ b/Source/Core/DiscIO/Blob.cpp
@@ -96,6 +96,9 @@ const SectorReader::Cache* SectorReader::GetCacheLine(u64 block_num)
 bool SectorReader::Read(u64 offset, u64 size, u8* out_ptr)
 {
+ if (offset + size > GetDataSize())
+ return false;
+
 u64 remain = size;
 u64 block = 0;
 u32 position_in_block = static_cast(offset % m_block_size);
diff --git a/Source/Core/DiscIO/CISOBlob.cpp b/Source/Core/DiscIO/CISOBlob.cpp
index 8de921e8e1..db55946136 100644
--- a/Source/Core/DiscIO/CISOBlob.cpp
+++ b/Source/Core/DiscIO/CISOBlob.cpp
@@ -49,6 +49,9 @@ u64 CISOFileReader::GetRawSize() const
 bool CISOFileReader::Read(u64 offset, u64 nbytes, u8* out_ptr)
 {
+ if (offset + nbytes > GetDataSize())
+ return false;
+
 while (nbytes != 0)
 {
 u64 const block = offset / m_block_size;
diff --git a/Source/Core/DiscIO/DirectoryBlob.cpp b/Source/Core/DiscIO/DirectoryBlob.cpp
index 723133fd8b..514fdc7c44 100644
--- a/Source/Core/DiscIO/DirectoryBlob.cpp
+++ b/Source/Core/DiscIO/DirectoryBlob.cpp
@@ -375,6 +375,9 @@ DirectoryBlobReader::DirectoryBlobReader(const std::string& game_partition_root,
 bool DirectoryBlobReader::Read(u64 offset, u64 length, u8* buffer)
 {
+ if (offset + length > m_data_size)
+ return false;
+
 // TODO: We don't handle raw access to the encrypted area of Wii discs correctly.
 return (m_is_wii ? m_nonpartition_contents : m_gamecube_pseudopartition.GetContents())
 .Read(offset, length, buffer);
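Review bot: The added guard `offset + size > GetDataSize()` in SectorReader::Read adds two u64 values, so the sum can wrap around and an offset near the top of the 64-bit range produces a small result that passes the check; if these values are derived from disc image contents (not visible in the hunk), the bounds check can be bypassed by a crafted image. Writing the comparison without the addition closes this: `const u64 data_size = GetDataSize();` followed by `if (offset > data_size || size > data_size - offset) return false;`. The same wrapping sum appears in CISOFileReader::Read, DirectoryBlobReader::Read (against `m_data_size`), DirectoryBlobReader::ReadWiiDecrypted (against `it->second.GetDataSize()`) and WbfsFileReader::Read, and a small shared helper would keep the five checks identical. Each function body continues outside its hunk, so whether later code re-validates the range cannot be seen here.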
@@ -394,6 +397,9 @@ bool DirectoryBlobReader::ReadWiiDecrypted(u64 offset, u64 size, u8* buffer, u64
 if (it == m_partitions.end())
 return false;
+ if (offset + size > it->second.GetDataSize())
+ return false;
+
 return it->second.GetContents().Read(offset, size, buffer);
 }
diff --git a/Source/Core/DiscIO/WbfsBlob.cpp b/Source/Core/DiscIO/WbfsBlob.cpp
index 8fa4ea2cd4..246eda260f 100644
--- a/Source/Core/DiscIO/WbfsBlob.cpp
+++ b/Source/Core/DiscIO/WbfsBlob.cpp
@@ -115,6 +115,9 @@ bool WbfsFileReader::ReadHeader()
 bool WbfsFileReader::Read(u64 offset, u64 nbytes, u8* out_ptr)
 {
+ if (offset + nbytes > GetDataSize())
+ return false;
+
 while (nbytes)
 {
 u64 read_size;