IOS/ES: Fix crash when deleting tickets #11592
Conversation
This broke formatting the system memory; see https://bugs.dolphin-emu.org/issues/13176. After calling ticket.DeleteTicket(), ticket.m_bytes was 0-length, but calling ticket.IsV1Ticket() still attempted to read from m_bytes. This was introduced in 2fd9852, although it didn't actually cause a crash until 929fba0.
Kind of. v1 tickets are variable-size, but we currently assume that there can only be one v1 ticket in a ticket file, so the existing logic in DeleteTicket and the other TicketReader functions work just fine. Technically that is an assumption we should not be making because ES does seem to have the ability to store multiple v1 tickets in a single v1 ticket file, but I'm not sure if that feature is used by any official title.
No, that's impossible given the assumption I mentioned earlier and also because v1 tickets are stored in a separate ticket file (the one with a .tv1 extension) that exclusively stores v1 tickets. So the assertion seems correct to me. |
This broke formatting the system memory; see https://bugs.dolphin-emu.org/issues/13176. After calling
ticket.DeleteTicket(),ticket.m_byteswas 0-length, but callingticket.IsV1Ticket()still attempted to read from m_bytes.This was introduced in 2fd9852 (#11240), although it didn't actually cause a crash until 929fba0 (#11383).
I'm not 100% sure if deleting a V1 ticket requires special logic (probably not), or if the process of deleting a V1 ticket could convert it into a V0 ticket somehow (I added an assertion for this). @noahpistilli may know more.