From 6f79f741d59f3fcf301fac3d3bf544ead00073c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Lam?=
Date: Sat, 25 Feb 2017 01:10:47 +0100
Subject: [PATCH] IOS/ES: Check that m_addtitle_tmd is valid before use
---
 Source/Core/Core/IOS/ES/ES.cpp | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/Source/Core/Core/IOS/ES/ES.cpp b/Source/Core/Core/IOS/ES/ES.cpp
index 95599c6a3e..2855f0d11b 100644
--- a/Source/Core/Core/IOS/ES/ES.cpp
+++ b/Source/Core/Core/IOS/ES/ES.cpp
@@ -447,6 +447,9 @@ IPCCommandResult ES::AddContentStart(const IOCtlVRequest& request)
 "content id %08x", title_id, m_addtitle_content_id);
+ if (!m_addtitle_tmd.IsValid())
+ return GetDefaultReply(ES_PARAMETER_SIZE_OR_ALIGNMENT);
+
 if (title_id != m_addtitle_tmd.GetTitleId())
 {
 ERROR_LOG(IOS_ES, "IOCTL_ES_ADDCONTENTSTART: title id %016" PRIx64 " != "
@@ -486,6 +489,9 @@ IPCCommandResult ES::AddContentFinish(const IOCtlVRequest& request)
 u32 content_fd = Memory::Read_U32(request.in_vectors[0].address);
 INFO_LOG(IOS_ES, "IOCTL_ES_ADDCONTENTFINISH: content fd %08x", content_fd);
+ if (!m_addtitle_tmd.IsValid())
+ return GetDefaultReply(ES_PARAMETER_SIZE_OR_ALIGNMENT);
+
 // Try to find the title key from a pre-installed ticket.
 IOS::ES::TicketReader ticket = DiscIO::FindSignedTicket(m_addtitle_tmd.GetTitleId());
 if (!ticket.IsValid())
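Review bot: The new guard in AddContentStart returns without logging, while the title-id mismatch branch directly below it reports through ERROR_LOG, so a guest that issues this ioctl with no usable TMD leaves no trace of why the call was rejected. I would log before returning, for example `ERROR_LOG(IOS_ES, "IOCTL_ES_ADDCONTENTSTART: no valid TMD, was a title import started?");`. A one-line comment should also say why ES_PARAMETER_SIZE_OR_ALIGNMENT is the code returned for what is a state error rather than a malformed argument (presumably to match the behaviour of IOS, which is worth confirming). Both remarks apply equally to the identical guard added in AddContentFinish. Both function bodies start and end outside their hunks.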
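Review bot: In AddContentFinish, IsValid() is now the only check between the guest's request and the `DiscIO::FindSignedTicket(m_addtitle_tmd.GetTitleId())` lookup, so the guard is only as strong as the lifetime of m_addtitle_tmd. Nothing in this diff shows the member being reset when an import completes or is abandoned; if it is not, a TMD left over from an earlier import would still pass the check and the call would be accepted outside an active import. A comment on the guard such as `// m_addtitle_tmd is only valid while a title import is in progress.` would state the precondition. The handler that ends the import (outside this diff) should reset the member so that the precondition holds. The function body continues past the end of the hunk.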