3DS Userland Flaws: Difference between revisions

Line 239: Line 239:
|-
|-
| bossbannerhax
| bossbannerhax
| This isn't really useful due to [[BOSS_Services#Custom_SpotPass_content|this]].
| After successfully loading [[Extended_Banner|extended-banner]] data(done when selecting an icon), Home Menu attempts to load "[[CBMD]]" data into a 0x100000-byte heap buffer from the [[BOSS_Services|stored]] SpotPass content. When successful and the magic-number is CBMD, Home Menu then decompresses the exbanner sections into another fixed-size heap buffer, without checking the outsize at all. The main CBMD CGFX code with ExeFS checks the size, but this code doesn't(however this is exbanner "CBMD", not a "normal" CBMD).


After successfully loading [[Extended_Banner|extended-banner]] data(done when selecting an icon), Home Menu attempts to load [[CBMD]] data into a 0x100000-byte heap buffer from the [[BOSS_Services|stored]] SpotPass content. When successful and the magic-number is CBMD, Home Menu then decompresses the CGFX sections into another fixed-size heap buffer, without checking the outsize at all. The main CBMD CGFX code with ExeFS checks the size, but this code doesn't.
Used with menuhax as of v3.2.
| None
| None
| [[11.2.0-35|11.2.0-X]]
| [[11.2.0-35|11.2.0-X]]
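Review bot: The bossbannerhax description cell says the sections are decompressed "without checking the outsize at all" but never says what "outsize" is or how large the destination buffer is, so a reader cannot tell which bound is missing. Suggest spelling it out as the decompressed output size not being validated against the fixed-size destination heap buffer, and giving that buffer's size the way the 0x100000-byte source buffer is given. The edit also drops the sentence "This isn't really useful due to [[BOSS_Services#Custom_SpotPass_content|this]]" while adding "Used with menuhax as of v3.2."; if the SpotPass content restriction still applies, keep a short note on how the two statements fit together. Minor style: add a space before the opening parentheses in "data(done" and "doesn't(however", and since the text stresses that this is exbanner "CBMD" rather than a normal CBMD, consider whether the [[CBMD]] link should point at the [[Extended_Banner]] page instead.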