From 5ce22a67dc3f1bc76323bb375a849ebdffd50899 Mon Sep 17 00:00:00 2001
From: CTCaer <ctcaer@gmail.com>
Date: Fri, 24 Jan 2025 15:21:20 +0200
Subject: [PATCH] bdk: sdmmc: check for out bounds access

---
 bdk/storage/sdmmc.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/bdk/storage/sdmmc.c b/bdk/storage/sdmmc.c
index 6458b44..995fefa 100644
--- a/bdk/storage/sdmmc.c
+++ b/bdk/storage/sdmmc.c
@@ -27,10 +27,13 @@
 #include <memory_map.h>
 #include <gfx_utils.h>
 
-//#define SDMMC_DEBUG_PRINT_SD_REGS
 //#define DPRINTF(...) gfx_printf(__VA_ARGS__)
 #define DPRINTF(...)
 
+#ifdef BDK_SDMMC_EXTRA_PRINT
+#define ERROR_EXTRA_PRINTING
+#endif
+
 u32 sd_power_cycle_time_start;
 
 static inline u32 unstuff_bits(const u32 *resp, u32 start, u32 size)
@@ -256,6 +259,15 @@ static int _sdmmc_storage_readwrite(sdmmc_storage_t *storage, u32 sector, u32 nu
 	if (!storage->initialized)
 		return 0;
 
+	// Check if out of bounds.
+	if (((u64)sector + num_sectors) > storage->sec_cnt)
+	{
+#ifdef ERROR_EXTRA_PRINTING
+		EPRINTFARGS("SDMMC%d: Out of bounds!", storage->sdmmc->id + 1);
+#endif
+		return 0;
+	}
+
 	while (sct_total)
 	{
 		u32 blkcnt = 0;