From a52fee22486d49454b8de8effb1b88ed89c98929 Mon Sep 17 00:00:00 2001 From: Mark Nokalt Date: Tue, 8 Feb 2022 04:32:10 -0300 Subject: [PATCH] nodes: Validate some buffer operations (#425) * fix: NodeBufferSlice bounds validation * fix: Make sure buffer is within u64 bounds in NodeCastBufferToInteger * nodes: Use specific output methods in number constants --- lib/external/libromfs | 2 +- .../source/content/data_processor_nodes.cpp | 20 ++++++++----------- 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/lib/external/libromfs b/lib/external/libromfs index 5d3273443..0842d22de 160000 --- a/lib/external/libromfs +++ b/lib/external/libromfs @@ -1 +1 @@ -Subproject commit 5d3273443a47f4a2f295cc476b5266a84e836206 +Subproject commit 0842d22deb13e036eb1fb15df368b6cad552abfe diff --git a/plugins/builtin/source/content/data_processor_nodes.cpp b/plugins/builtin/source/content/data_processor_nodes.cpp index fca09eb88..941d6b282 100644 --- a/plugins/builtin/source/content/data_processor_nodes.cpp +++ b/plugins/builtin/source/content/data_processor_nodes.cpp @@ -109,10 +109,7 @@ namespace hex::plugin::builtin { } void process() override { - std::vector data(sizeof(this->m_value), 0); - - std::memcpy(data.data(), &this->m_value, sizeof(u64)); - this->setBufferOnOutput(0, data); + this->setIntegerOnOutput(0, this->m_value); } void store(nlohmann::json &j) override { @@ -140,11 +137,7 @@ namespace hex::plugin::builtin { } void process() override { - std::vector data; - data.resize(sizeof(this->m_value)); - - std::copy(&this->m_value, &this->m_value + 1, data.data()); - this->setBufferOnOutput(0, data); + this->setFloatOnOutput(0, this->m_value); } void store(nlohmann::json &j) override { 
@@ -427,8 +420,11 @@ namespace hex::plugin::builtin { void process() override { auto input = this->getBufferOnInput(0); - u64 output; - std::memcpy(&output, input.data(), sizeof(u64)); + if (input.size() == 0 || input.size() > sizeof(u64)) + throwNodeError("Buffer is empty or bigger than 64 bits"); + + u64 output = 0; + std::memcpy(&output, input.data(), input.size()); this->setIntegerOnOutput(1, output); } @@ -538,7 +534,7 @@ namespace hex::plugin::builtin { throwNodeError("'from' input out of range"); if (to < 0 || from >= input.size()) throwNodeError("'to' input out of range"); - if (to >= from) + if (to <= from) throwNodeError("'to' input needs to be greater than 'from' input"); this->setBufferOnOutput(3, std::vector(input.begin() + from, input.begin() + to));
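Review bot: The partial copy in the `@@ -427` hunk, `std::memcpy(&output, input.data(), input.size())`, fills the lowest-addressed bytes of `output`, so a buffer shorter than eight bytes is zero-extended to the expected value only on a little-endian host. The new size check does keep the copy inside both the input buffer and `output`. I would record the byte-order assumption above the copy, e.g. `// short buffers are zero-extended; bytes are taken in host (little-endian) order`. The guard also depends on `throwNodeError` never returning, which its name suggests but the hunk does not show.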
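Review bot: In the `@@ -538` hunk the upper bound of `to` is still never checked, because the context line `if (to < 0 || from >= input.size())` tests `from` a second time. A `to` larger than the buffer therefore passes all three checks, and `input.begin() + to` runs past the end of `input` when the slice is copied. The second operand should test `to`, e.g. `if (to < 0 || to > input.size())`, with whatever cast the declared type of `to` requires (its declaration is outside the hunk). Using `>` rather than `>=` keeps a slice that ends exactly at the end of the buffer valid, since `to` is used as an exclusive end. The condition of the first `'from'` check is also outside the hunk.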