5,579
edits
Changes
→System Menu: Added the cache.dat bug, and a small correction to letterbomb
Line 174:
Line 174:
| When parsing a message saved to the SD Card, the Wii Message Board has a buffer overflow bug when copying the message body. By overwriting the memory allocation table this way, the next allocation address can be placed on the stack, allowing code to be returned to. [[LetterBomb]] and [[Wilbrand]] exploit this.
| When parsing a message saved to the SD Card, the Wii Message Board has a buffer overflow bug when copying the message body. By overwriting the memory allocation table this way, the next allocation address can be placed on the stack, allowing code to be returned to. [[LetterBomb]] and [[Wilbrand]] exploit this.
| Code execution in the [[System Menu]]
| Code execution in the [[System Menu]]
−| Unfixed
+| [[vWii 1.0.0]]
| {{SortableMonth|Aug|2011}}
| {{SortableMonth|Aug|2011}}
| [[fail0verflow]] and giantpune (independently)
| [[fail0verflow]] and giantpune (independently)
Line 198:
Line 198:
| {{SortableMonth|Nov|2008}}
| {{SortableMonth|Nov|2008}}
| [[fail0verflow]]
| [[fail0verflow]]
+|-
+| Disc executable cache is not padded or truncated when writing a new executable over the old one
+| For speed, every time a disc is inserted, the System Menu writes the main executable to [[:/title/00000001/00000002/data/cache.dat]]. However, overwriting the file may require relocation if the area allocated is too small, and there may be remnants of the old file if the allocated space is larger than what is needed. To prevent their repair discs (e.g. [[Check Disk for Pre-Repair Process]]) from being leaked, Nintendo inserts a normal game disc afterward, however, because this disc is almost guaranteed to not be the same size as the repair disc, remnants of the repair disc will remain on the [[Hardware/NAND|NAND]].
+| Partial dumping of repair disc executables after the console returns to the consumer
+| Unfixed{{Check}}
+| {{SortableMonth|Apr|2010}}
+| {{User|bushing}}
|}
|}