
Access violation/ segfault in cnmt_process (nca_section_fread)

Open mchubby opened this issue 5 years ago • 0 comments

Working on a MasterKey9 update, base game is M.K. 8

image

$ gdb --args ./renxpack /mnt/n/hr-aue7av101.nsp -k keys.txt -o .
(...)
(gdb) run
Starting program: /mnt/c/EXTRACT/reNXpack-master/renxpack /mnt/n/hr-aue7av101.nsp -k keys.txt -o .
reNXpack v1.16 by The-4n

Loading 'keys.txt' keyset file

Saving 5fb66d80cff459af59d2afa09f17d0ca.cnmt.nca to renxpack_extracted_nsp/5fb66d80cff459af59d2afa09f17d0ca.cnmt.nca...
Saving 8fae56e75c87b9958b432c2e08338aee.nca to renxpack_extracted_nsp/8fae56e75c87b9958b432c2e08338aee.nca...
Saving 8cec324a272b2305cc9d794a643b65b7.nca to renxpack_extracted_nsp/8cec324a272b2305cc9d794a643b65b7.nca...
Saving 0307d1bf8cbbd3e51ad13c6759477d62.nca to renxpack_extracted_nsp/0307d1bf8cbbd3e51ad13c6759477d62.nca...
Saving 01003b300e4aa800000000000000000a.cert to renxpack_extracted_nsp/01003b300e4aa800000000000000000a.cert...
Saving 01003b300e4aa800000000000000000a.tik to renxpack_extracted_nsp/01003b300e4aa800000000000000000a.tik...

===> Processing 1 Patch(es):
===> Processing Patch 1 Metadata:

GDB breaks here

Program received signal SIGSEGV, Segmentation fault.

(gdb) bt
#0  __memcpy_ssse3 () at ../sysdeps/x86_64/multiarch/memcpy-ssse3.S:304
#1  0x00007ffffeceb6c8 in __GI__IO_file_xsgetn (fp=0x846e730, data=<optimized out>, n=27949418712) at fileops.c:1326
#2  0x00007ffffecdf3c1 in __GI__IO_fread (buf=<optimized out>, size=1, count=27949418712, fp=0x846e730) at iofread.c:38
#3  0x0000000008009c1e in nca_section_fread (ctx=0x7ffffffdfdd8, buffer=0x0, count=27949418712) at nca.c:115
#4  0x000000000800a1d7 in nca_exefs_npdm_process (ctx=0x7ffffffdfd50) at nca.c:207
#5  0x000000000800c1fa in nca_process (ctx=0x7ffffffdfd50, filepath=0x7ffffffe11c0, index=0, cnmt_xml_ctx=0x84729d0, cnmt_ctx=0x8470970, nsp_ctx=0x8474b10) at nca.c:648
#6  0x000000000800d4f0 in cnmt_process (tool=0x7ffffffe5270, cnmt_xml_ctx=0x84729d0, cnmt_ctx=0x8470970, nsp_ctx=0x8474b10) at cnmt.c:103
#7  0x000000000800e0e3 in main (argc=6, argv=0x7ffffffee078) at main.c:196

nca_section_fread / pfs0_header is probably wrong, because count=27949418712 (~27 GiB) is way larger than any .nca in the update file, and buffer=0x0 means its malloc failed too.

mchubby, Nov 27 '19 22:11
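As an added example (not reNXpack's code; the context struct and function names are hypothetical), this is the check the backtrace points at as missing: a section read that bounds a header-supplied count by the section size before malloc, and refuses a NULL buffer before fread, so a bogus ~27 GiB count never reaches memcpy.

```c
#define _POSIX_C_SOURCE 200809L      /* for fseeko/off_t */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical section context (not reNXpack's nca_section_ctx): the section's
 * own size, taken from the verified NCA header, bounds every read. */
typedef struct {
    FILE *file;
    uint64_t section_offset;   /* absolute file offset of the section */
    uint64_t section_size;
    uint64_t offset;           /* current read position within the section */
} section_ctx_t;

/* Bounded read: returns 1 on success, 0 if refused or short. Never passes NULL to fread. */
int section_read_checked(section_ctx_t *ctx, void *buffer, uint64_t count) {
    if (buffer == NULL || count > ctx->section_size) return 0;
    if (ctx->offset > ctx->section_size - count) return 0;   /* overflow-safe bound */
    off_t pos = (off_t)(ctx->section_offset + ctx->offset);
    if (fseeko(ctx->file, pos, SEEK_SET) != 0) return 0;
    if (fread(buffer, 1, (size_t)count, ctx->file) != count) return 0;
    ctx->offset += count;
    return 1;
}

/* Allocate-and-read: a count taken from an untrusted PFS0/NPDM header is checked
 * against the section size and a sanity cap before malloc, and malloc before fread. */
void *section_read_alloc(section_ctx_t *ctx, uint64_t count, uint64_t max_alloc) {
    if (count == 0 || count > max_alloc || count > ctx->section_size) return NULL;
    void *buf = malloc((size_t)count);
    if (buf == NULL) return NULL;
    if (!section_read_checked(ctx, buf, count)) { free(buf); return NULL; }
    return buf;
}

/* Self-check on a constructed 64-byte file; returns the number of cases that passed. */
int section_read_selftest(void) {
    FILE *f = tmpfile();
    if (f == NULL) return 0;
    for (int i = 0; i < 64; i++) fputc(i, f);          /* constructed data: bytes 0..63 */
    section_ctx_t ctx = { f, 16, 32, 0 };              /* section covers bytes 16..47 */
    int passed = 0;
    passed += section_read_alloc(&ctx, 27949418712ULL, 1 << 20) == NULL;  /* bogus count refused */
    unsigned char *b = section_read_alloc(&ctx, 8, 1 << 20);
    passed += b != NULL && b[0] == 16 && b[7] == 23;                      /* bytes 16..23 read */
    passed += section_read_alloc(&ctx, 32, 1 << 20) == NULL;              /* would run past end */
    passed += section_read_checked(&ctx, NULL, 4) == 0;                   /* NULL buffer refused */
    free(b); fclose(f);
    return passed;
}
```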