Merge pull request #869 from Subv/ubsan

Corrected a few error cases detected by asan/ubsan

src/core/hle/service/nvdrv/devices/nvhost_ctrl_gpu.cpp

@@ -97,7 +97,9 @@ u32 nvhost_ctrl_gpu::GetTPCMasks(const std::vector<u8>& input, std::vector<u8>&
 u32 nvhost_ctrl_gpu::GetActiveSlotMask(const std::vector<u8>& input, std::vector<u8>& output) {
     LOG_DEBUG(Service_NVDRV, "called");
     IoctlActiveSlotMask params{};
-    std::memcpy(&params, input.data(), input.size());
+    if (input.size() > 0) {
+        std::memcpy(&params, input.data(), input.size());
+    }
     params.slot = 0x07;
     params.mask = 0x01;
     std::memcpy(output.data(), &params, output.size());
@@ -107,7 +109,9 @@ u32 nvhost_ctrl_gpu::GetActiveSlotMask(const std::vector<u8>& input, std::vector
 u32 nvhost_ctrl_gpu::ZCullGetCtxSize(const std::vector<u8>& input, std::vector<u8>& output) {
     LOG_DEBUG(Service_NVDRV, "called");
     IoctlZcullGetCtxSize params{};
-    std::memcpy(&params, input.data(), input.size());
+    if (input.size() > 0) {
+        std::memcpy(&params, input.data(), input.size());
+    }
     params.size = 0x1;
     std::memcpy(output.data(), &params, output.size());
     return 0;
@@ -116,7 +120,11 @@ u32 nvhost_ctrl_gpu::ZCullGetCtxSize(const std::vector<u8>& input, std::vector<u
 u32 nvhost_ctrl_gpu::ZCullGetInfo(const std::vector<u8>& input, std::vector<u8>& output) {
     LOG_DEBUG(Service_NVDRV, "called");
     IoctlNvgpuGpuZcullGetInfoArgs params{};
-    std::memcpy(&params, input.data(), input.size());
+
+    if (input.size() > 0) {
+        std::memcpy(&params, input.data(), input.size());
+    }
+
     params.width_align_pixels = 0x20;
     params.height_align_pixels = 0x20;
     params.pixel_squares_by_aliquots = 0x400;

src/core/hle/service/nvdrv/devices/nvhost_gpu.cpp

@@ -132,9 +132,12 @@ u32 nvhost_gpu::SubmitGPFIFO(const std::vector<u8>& input, std::vector<u8>& outp
     LOG_WARNING(Service_NVDRV, "(STUBBED) called, gpfifo={:X}, num_entries={:X}, flags={:X}",
                 params.address, params.num_entries, params.flags);
 
-    auto entries = std::vector<IoctlGpfifoEntry>();
+    ASSERT_MSG(input.size() ==
-    entries.resize(params.num_entries);
+                   sizeof(IoctlSubmitGpfifo) + params.num_entries * sizeof(IoctlGpfifoEntry),
-    std::memcpy(&entries[0], &input.data()[sizeof(IoctlSubmitGpfifo)],
+               "Incorrect input size");
+
+    std::vector<IoctlGpfifoEntry> entries(params.num_entries);
+    std::memcpy(entries.data(), &input[sizeof(IoctlSubmitGpfifo)],
                 params.num_entries * sizeof(IoctlGpfifoEntry));
     for (auto entry : entries) {
         Tegra::GPUVAddr va_addr = entry.Address();

src/video_core/macro_interpreter.cpp

@@ -102,11 +102,11 @@ bool MacroInterpreter::Step(const std::vector<u32>& code, bool is_delay_slot) {
         if (taken) {
             // Ignore the delay slot if the branch has the annul bit.
             if (opcode.branch_annul) {
-                pc = base_address + (opcode.immediate << 2);
+                pc = base_address + opcode.GetBranchTarget();
                 return true;
             }
 
-            delayed_pc = base_address + (opcode.immediate << 2);
+            delayed_pc = base_address + opcode.GetBranchTarget();
             // Execute one more instruction due to the delay slot.
             return Step(code, true);
         }

src/video_core/macro_interpreter.h

@@ -91,6 +91,10 @@ private:
         u32 GetBitfieldMask() const {
             return (1 << bf_size) - 1;
         }
+
+        s32 GetBranchTarget() const {
+            return static_cast<s32>(immediate * sizeof(u32));
+        }
     };
 
     union MethodAddress {