From 00e0e857934b52d4078fb0d9851b1b861bee3f1e Mon Sep 17 00:00:00 2001
From: Fabian Schaffert
Date: Sun, 16 Nov 2014 14:43:58 +0100
Subject: [PATCH 1/2] Fixes return value of sys_semaphore_create()

In case of att.addr() being NULL, CELL_EFAULT must be returnd and not CELL_EINVAL, according to the corresponding ps3autotest.
---
 rpcs3/Emu/SysCalls/lv2/sys_semaphore.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rpcs3/Emu/SysCalls/lv2/sys_semaphore.cpp b/rpcs3/Emu/SysCalls/lv2/sys_semaphore.cpp
index e5fd7463b5..d194a0b563 100644
--- a/rpcs3/Emu/SysCalls/lv2/sys_semaphore.cpp
+++ b/rpcs3/Emu/SysCalls/lv2/sys_semaphore.cpp
@@ -33,7 +33,7 @@ s32 sys_semaphore_create(vm::ptr sem, vm::ptr attr
 if (attr.addr() == NULL)
 {
 sys_semaphore.Error("sys_semaphore_create(): An invalid argument value is specified (attr_addr=0x%x)", attr.addr());
- return CELL_EINVAL;
+ return CELL_EFAULT;
 }

 if (max_count <= 0 || initial_count > max_count || initial_count < 0)

From e9ab9f51fc38596890df07411ebb357e209d174c Mon Sep 17 00:00:00 2001
From: Fabian Schaffert
Date: Sun, 16 Nov 2014 20:48:22 +0100
Subject: [PATCH 2/2] Fixes segfaults for sys_event_flag_(create/get)

Neither sys_event_flag_create() nor sys_event_flag_get() checked for NULL pointers in their arguments, which caused the corresponding test from ps3autotests to segfault.
---
 rpcs3/Emu/SysCalls/lv2/sys_event_flag.cpp | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/rpcs3/Emu/SysCalls/lv2/sys_event_flag.cpp b/rpcs3/Emu/SysCalls/lv2/sys_event_flag.cpp
index 244d19cec4..336c88c4bb 100644
--- a/rpcs3/Emu/SysCalls/lv2/sys_event_flag.cpp
+++ b/rpcs3/Emu/SysCalls/lv2/sys_event_flag.cpp
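Review bot: In sys_semaphore_create() (sys_semaphore.cpp), the Error() call on the context line just above the changed return still logs "An invalid argument value is specified", which is EINVAL wording, so the log now disagrees with the CELL_EFAULT that is returned. I would reword it to match the fault path, for example `sys_semaphore.Error("sys_semaphore_create(): invalid memory access (attr_addr=0x%x)", attr.addr());`. The check also rejects only address 0, so a non-zero guest address that is not mapped would presumably still be dereferenced later in the function, which lies outside this hunk. Whether `sem` gets the same test is not visible here.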
@@ -42,6 +42,18 @@ s32 sys_event_flag_create(vm::ptr eflag_id, vm::ptr at sys_event_flag.Warning("sys_event_flag_create(eflag_id_addr=0x%x, attr_addr=0x%x, init=0x%llx)", eflag_id.addr(), attr.addr(), init); + if (eflag_id.addr() == NULL) + { + sys_event_flag.Error("sys_event_flag_create(): invalid memory access (eflag_id_addr=0x%x)", eflag_id.addr()); + return CELL_EFAULT; + } + + if (attr.addr() == NULL) + { + sys_event_flag.Error("sys_event_flag_create(): invalid memory access (attr_addr=0x%x)", attr.addr()); + return CELL_EFAULT; + } + switch (attr->protocol.ToBE()) { case se32(SYS_SYNC_PRIORITY): break; @@ -358,6 +370,12 @@ s32 sys_event_flag_get(u32 eflag_id, vm::ptr flags) { sys_event_flag.Log("sys_event_flag_get(eflag_id=%d, flags_addr=0x%x)", eflag_id, flags.addr()); + if (flags.addr() == NULL) + { + sys_event_flag.Error("sys_event_flag_create(): invalid memory access (flags_addr=0x%x)", flags.addr()); + return CELL_EFAULT; + } + EventFlag* ef; if (!sys_event_flag.CheckId(eflag_id, ef)) return CELL_ESRCH;
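Review bot: The two new guards in sys_event_flag_create() reject only address 0, so a non-zero `attr` or `eflag_id` that points at unmapped guest memory still reaches `attr->protocol.ToBE()` on the line right after them. Both values come from the guest program, so the host-side crash the commit describes is probably still reachable with any other bad pointer; a mapped-range check covering the size of the pointee, if the memory manager offers one, would close it, and the same applies to the `flags` guard in the sys_event_flag_get() hunk. `addr()` is printed with `%x` and so looks like an integer; comparing it with `NULL` is a pointer idiom that some compilers warn about, and `== 0` says the same thing. The function body continues past the end of the hunk.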
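Review bot: The Error() message added in sys_event_flag_get() names the wrong function: it says `sys_event_flag_create()`, which will mislead anyone reading the log after a failed get. It should read `sys_event_flag.Error("sys_event_flag_get(): invalid memory access (flags_addr=0x%x)", flags.addr());`. The guard also runs before the `CheckId` lookup, so a call with both a bad id and a null `flags` now returns CELL_EFAULT rather than CELL_ESRCH; it is worth confirming that order against the test the commit message refers to. The rest of the function is outside the hunk.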