From 64414e12abd26aefc18eeb185686d3746d55eb95 Mon Sep 17 00:00:00 2001
From: ZeroSkill1 <timmskiller102@outlook.com>
Date: Wed, 22 Mar 2023 17:55:38 +0300
Subject: [PATCH] fix buffer overflow

This would cause exceptions when encrypting/decrypting CIA files to
`0:/gm9/out`.
---
 arm9/source/utils/gameutil.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/arm9/source/utils/gameutil.c b/arm9/source/utils/gameutil.c
index 9c4f2e2..72b7010 100644
--- a/arm9/source/utils/gameutil.c
+++ b/arm9/source/utils/gameutil.c
@@ -1317,12 +1317,18 @@ u32 CryptCiaFile(const char* orig, const char* dest, u16 crypto) {
 
     // if not inplace: take over CIA metadata
     if (!inplace && (info.size_meta == CIA_META_SIZE)) {
-        CiaMeta* meta = (CiaMeta*) (void*) (cia + 1);
-        if ((fvx_qread(orig, meta, info.offset_meta, CIA_META_SIZE, NULL) != FR_OK) ||
-            (fvx_qwrite(dest, meta, info.offset_meta, CIA_META_SIZE, NULL) != FR_OK)) {
+        CiaMeta* meta = (CiaMeta*) malloc(sizeof(CiaMeta));
+        if (!meta) {
             free(cia);
             return 1;
         }
+        if ((fvx_qread(orig, meta, info.offset_meta, CIA_META_SIZE, NULL) != FR_OK) ||
+            (fvx_qwrite(dest, meta, info.offset_meta, CIA_META_SIZE, NULL) != FR_OK)) {
+            free(cia);
+            free(meta);
+            return 1;
+        }
+        free(meta);
     }
 
     // fix TMD hashes, write CIA stub to destination