From 9f3f615e054663fd6e538fa2db86271b467a6bfd Mon Sep 17 00:00:00 2001
From: Liam <byteslice@airmail.cc>
Date: Fri, 14 Jul 2023 22:32:24 -0400
Subject: core: reduce TOCTTOU memory access

---
 src/core/hle/kernel/svc/svc_ipc.cpp | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

(limited to 'src/core/hle/kernel/svc/svc_ipc.cpp')

diff --git a/src/core/hle/kernel/svc/svc_ipc.cpp b/src/core/hle/kernel/svc/svc_ipc.cpp
index bb94f6934..373ae7c8d 100644
--- a/src/core/hle/kernel/svc/svc_ipc.cpp
+++ b/src/core/hle/kernel/svc/svc_ipc.cpp
@@ -8,6 +8,7 @@
 #include "core/hle/kernel/k_process.h"
 #include "core/hle/kernel/k_server_session.h"
 #include "core/hle/kernel/svc.h"
+#include "core/hle/kernel/svc_results.h"
 
 namespace Kernel::Svc {
 
@@ -49,14 +50,10 @@ Result ReplyAndReceive(Core::System& system, s32* out_index, uint64_t handles_ad
 
     // Copy user handles.
     if (num_handles > 0) {
-        // Ensure we can try to get the handles.
-        R_UNLESS(GetCurrentMemory(kernel).IsValidVirtualAddressRange(
-                     handles_addr, static_cast<u64>(sizeof(Handle) * num_handles)),
-                 ResultInvalidPointer);
-
         // Get the handles.
-        GetCurrentMemory(kernel).ReadBlock(handles_addr, handles.data(),
-                                           sizeof(Handle) * num_handles);
+        R_UNLESS(GetCurrentMemory(kernel).ReadBlock(handles_addr, handles.data(),
+                                                    sizeof(Handle) * num_handles),
+                 ResultInvalidPointer);
 
         // Convert the handles to objects.
         R_UNLESS(handle_table.GetMultipleObjects<KSynchronizationObject>(
-- 
cgit v1.2.3