Fix a crash in the Wiimote registration code

The code was hitting undefined behavior, causing crashes when starting a Wii game with Dolphin compiled with gcc >= 4.8. Might introduce some slight change in the Wiimote activation logic. Fixes issue 6526.
dolphin-emu · Aug 25, 2013 · 0e8f9d8 · 0e8f9d8
1 parent 18749ba
commit 0e8f9d8
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 54 deletions.
diff --git a/Source/Core/Core/Src/IPC_HLE/WII_IPC_HLE_Device_usb.cpp b/Source/Core/Core/Src/IPC_HLE/WII_IPC_HLE_Device_usb.cpp
@@ -32,71 +32,42 @@ CWII_IPC_HLE_Device_usb_oh1_57e_305::CWII_IPC_HLE_Device_usb_oh1_57e_305(u32 _De
 	}
 	else
 	{
-		u8 maxWM = min<u8>(BT_DINF.num_registered, MAX_BBMOTES);
 		bdaddr_t tmpBD = BDADDR_ANY;
 		u8 i = 0;
-		while (i < maxWM)
+		while (i < MAX_BBMOTES)
 		{
-			tmpBD.b[5] = BT_DINF.active[i].bdaddr[0] = BT_DINF.registered[i].bdaddr[0];
-			tmpBD.b[4] = BT_DINF.active[i].bdaddr[1] = BT_DINF.registered[i].bdaddr[1];
-			tmpBD.b[3] = BT_DINF.active[i].bdaddr[2] = BT_DINF.registered[i].bdaddr[2];
-			tmpBD.b[2] = BT_DINF.active[i].bdaddr[3] = BT_DINF.registered[i].bdaddr[3];
-			tmpBD.b[1] = BT_DINF.active[i].bdaddr[4] = BT_DINF.registered[i].bdaddr[4];
-			tmpBD.b[0] = BT_DINF.active[i].bdaddr[5] = BT_DINF.registered[i].bdaddr[5];
-			if(i == WIIMOTE_BALANCE_BOARD)
+			if (i < BT_DINF.num_registered)
 			{
-				const char * wmName = "Nintendo RVL-WBC-01";
-				memcpy(BT_DINF.registered[i].name, wmName, 20);
-				memcpy(BT_DINF.balance_board.name, wmName, 20);
+				tmpBD.b[5] = BT_DINF.active[i].bdaddr[0] = BT_DINF.registered[i].bdaddr[0];
+				tmpBD.b[4] = BT_DINF.active[i].bdaddr[1] = BT_DINF.registered[i].bdaddr[1];
+				tmpBD.b[3] = BT_DINF.active[i].bdaddr[2] = BT_DINF.registered[i].bdaddr[2];
+				tmpBD.b[2] = BT_DINF.active[i].bdaddr[3] = BT_DINF.registered[i].bdaddr[3];
+				tmpBD.b[1] = BT_DINF.active[i].bdaddr[4] = BT_DINF.registered[i].bdaddr[4];
+				tmpBD.b[0] = BT_DINF.active[i].bdaddr[5] = BT_DINF.registered[i].bdaddr[5];
 			}
 			else
 			{
-				const char * wmName = "Nintendo RVL-CNT-01";
-				memcpy(BT_DINF.registered[i].name, wmName, 20);
-				memcpy(BT_DINF.active[i].name, wmName, 20);
+				tmpBD.b[5] = BT_DINF.active[i].bdaddr[0] = BT_DINF.registered[i].bdaddr[0] = i;
+				tmpBD.b[4] = BT_DINF.active[i].bdaddr[1] = BT_DINF.registered[i].bdaddr[1] = 0;
+				tmpBD.b[3] = BT_DINF.active[i].bdaddr[2] = BT_DINF.registered[i].bdaddr[2] = 0x79;
+				tmpBD.b[2] = BT_DINF.active[i].bdaddr[3] = BT_DINF.registered[i].bdaddr[3] = 0x19;
+				tmpBD.b[1] = BT_DINF.active[i].bdaddr[4] = BT_DINF.registered[i].bdaddr[4] = 2;
+				tmpBD.b[0] = BT_DINF.active[i].bdaddr[5] = BT_DINF.registered[i].bdaddr[5] = 0x11;
 			}
 
+			const char* wmName;
+			if (i == WIIMOTE_BALANCE_BOARD)
+				wmName = "Nintendo RVL-WBC-01";
+			else
+				wmName = "Nintendo RVL-CNT-01";
+			memcpy(BT_DINF.registered[i].name, wmName, 20);
+			memcpy(BT_DINF.active[i].name, wmName, 20);
+
 			INFO_LOG(WII_IPC_WIIMOTE, "Wiimote %d BT ID %x,%x,%x,%x,%x,%x", i, tmpBD.b[0], tmpBD.b[1], tmpBD.b[2], tmpBD.b[3], tmpBD.b[4], tmpBD.b[5]);
 			m_WiiMotes.push_back(CWII_IPC_HLE_WiiMote(this, i, tmpBD, false));
 			i++;
 		}
-		while (i < MAX_BBMOTES)
-		{
-			if(i == WIIMOTE_BALANCE_BOARD)
-			{
-				const char * wmName = "Nintendo RVL-WBC-01";
-				++BT_DINF.num_registered;
-				BT_DINF.balance_board.bdaddr[0] = BT_DINF.registered[i].bdaddr[0] = tmpBD.b[5] = i;
-				BT_DINF.balance_board.bdaddr[1] = BT_DINF.registered[i].bdaddr[1] = tmpBD.b[4] = 0;
-				BT_DINF.balance_board.bdaddr[2] = BT_DINF.registered[i].bdaddr[2] = tmpBD.b[3] = 0x79;
-				BT_DINF.balance_board.bdaddr[3] = BT_DINF.registered[i].bdaddr[3] = tmpBD.b[2] = 0x19;
-				BT_DINF.balance_board.bdaddr[4] = BT_DINF.registered[i].bdaddr[4] = tmpBD.b[1] = 2;
-				BT_DINF.balance_board.bdaddr[5] = BT_DINF.registered[i].bdaddr[5] = tmpBD.b[0] = 0x11;
-				memcpy(BT_DINF.registered[i].name, wmName, 20);
-				memcpy(BT_DINF.balance_board.name, wmName, 20);
-
-				INFO_LOG(WII_IPC_WIIMOTE, "Balance Board %d BT ID %x,%x,%x,%x,%x,%x", i, tmpBD.b[0], tmpBD.b[1], tmpBD.b[2], tmpBD.b[3], tmpBD.b[4], tmpBD.b[5]);
-				m_WiiMotes.push_back(CWII_IPC_HLE_WiiMote(this, i, tmpBD, false));
-			}
-			else
-			{
-				const char * wmName = "Nintendo RVL-CNT-01";
-				++BT_DINF.num_registered;
-				BT_DINF.active[i].bdaddr[0] = BT_DINF.registered[i].bdaddr[0] = tmpBD.b[5] = i;
-				BT_DINF.active[i].bdaddr[1] = BT_DINF.registered[i].bdaddr[1] = tmpBD.b[4] = 0;
-				BT_DINF.active[i].bdaddr[2] = BT_DINF.registered[i].bdaddr[2] = tmpBD.b[3] = 0x79;
-				BT_DINF.active[i].bdaddr[3] = BT_DINF.registered[i].bdaddr[3] = tmpBD.b[2] = 0x19;
-				BT_DINF.active[i].bdaddr[4] = BT_DINF.registered[i].bdaddr[4] = tmpBD.b[1] = 2;
-				BT_DINF.active[i].bdaddr[5] = BT_DINF.registered[i].bdaddr[5] = tmpBD.b[0] = 0x11;
-				memcpy(BT_DINF.registered[i].name, wmName, 20);
-
-				INFO_LOG(WII_IPC_WIIMOTE, "Adding to SYSConf Wiimote %d BT ID %x,%x,%x,%x,%x,%x", i, tmpBD.b[0], tmpBD.b[1], tmpBD.b[2], tmpBD.b[3], tmpBD.b[4], tmpBD.b[5]);
-				m_WiiMotes.push_back(CWII_IPC_HLE_WiiMote(this, i, tmpBD, false));
-
-			}
-			i++;
-		}
-
+
 		// save now so that when games load sysconf file it includes the new wiimotes
 		// and the correct order for connected wiimotes
 		if (!SConfig::GetInstance().m_SYSCONF->SetArrayData("BT.DINF", (u8*)&BT_DINF, sizeof(_conf_pads)) || !SConfig::GetInstance().m_SYSCONF->Save())

diff --git a/Source/Core/Core/Src/IPC_HLE/WII_IPC_HLE_Device_usb.h b/Source/Core/Core/Src/IPC_HLE/WII_IPC_HLE_Device_usb.h
@@ -286,8 +286,7 @@ class CWII_IPC_HLE_Device_usb_oh1_57e_305 : public IWII_IPC_HLE_Device
 	{
 		u8 num_registered;
 		_conf_pad_device registered[CONF_PAD_MAX_REGISTERED];
-		_conf_pad_device active[MAX_WIIMOTES];
-		_conf_pad_device balance_board;
+		_conf_pad_device active[MAX_BBMOTES];
 		u8 unknown[0x45];
 	};
 #pragma pack(pop)