
mGBA Game Boy Advance Emulator

GB Memory: Fix bounds checking for View/Patch
Jeffrey Pfau jeffrey@endrift.com
Mon, 19 Sep 2016 09:25:28 -0700
commit

4647473b745bbaa138be0858c50761c9e24505fc

parent

986dc183409235746a3a205acc431be98125279c

1 files changed, 21 insertions(+), 13 deletions(-)

M src/gb/memory.csrc/gb/memory.c

@@ -262,18 +262,19 @@ case GB_REGION_CART_BANK1 + 2:

case GB_REGION_CART_BANK1 + 3:
if (segment < 0) {
return memory->romBank[address & (GB_SIZE_CART_BANK0 - 1)];
- } else {
- if ((size_t) segment * GB_SIZE_CART_BANK0 >= memory->romSize) {
- return 0xFF;
- }
+ } else if ((size_t) segment * GB_SIZE_CART_BANK0 < memory->romSize) {
return memory->rom[(address & (GB_SIZE_CART_BANK0 - 1)) + segment * GB_SIZE_CART_BANK0];
+ } else {
+ return 0xFF;
}
case GB_REGION_VRAM:
case GB_REGION_VRAM + 1:
if (segment < 0) {
return gb->video.vramBank[address & (GB_SIZE_VRAM_BANK0 - 1)];
+ } else if (segment < 2) {
+ return gb->video.vram[(address & (GB_SIZE_VRAM_BANK0 - 1)) + segment *GB_SIZE_VRAM_BANK0];
} else {
- return gb->video.vram[(address & (GB_SIZE_VRAM_BANK0 - 1)) + segment *GB_SIZE_VRAM_BANK0];
+ return 0xFF;
}
case GB_REGION_EXTERNAL_RAM:
case GB_REGION_EXTERNAL_RAM + 1:
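Review bot: The new `} else if ((size_t) segment * GB_SIZE_CART_BANK0 < memory->romSize) {` only checks that the first byte of the bank lies inside the ROM, so when romSize is not a multiple of GB_SIZE_CART_BANK0 the index used on the following `memory->rom[...]` line can still reach up to one bank past the end of the buffer (unless rom is allocated padded to a whole bank, which this hunk does not show). Comparing the offset that is actually indexed closes that gap: `} else if ((size_t) segment * GB_SIZE_CART_BANK0 + (address & (GB_SIZE_CART_BANK0 - 1)) < memory->romSize) {`. The same base-only comparison is introduced for the write side in the hunk at -500,12 and against `gb->sramSize` in the hunk at -282,8, where a save RAM smaller than one GB_SIZE_EXTERNAL_RAM bank passes the check for segment 0 yet is indexed beyond its end. The enclosing read function starts before this hunk and continues after it.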

@@ -282,8 +283,10 @@ return memory->rtcRegs[memory->activeRtcReg];

} else if (memory->sramAccess) {
if (segment < 0) {
return memory->sramBank[address & (GB_SIZE_EXTERNAL_RAM - 1)];
- } else {
+ } else if ((size_t) segment * GB_SIZE_EXTERNAL_RAM < gb->sramSize) {
return memory->sram[(address & (GB_SIZE_EXTERNAL_RAM - 1)) + segment *GB_SIZE_EXTERNAL_RAM];
+ } else {
+ return 0xFF;
}
} else if (memory->mbcType == GB_MBC7) {
return GBMBC7Read(memory, address);

@@ -297,8 +300,10 @@ return memory->wram[address & (GB_SIZE_WORKING_RAM_BANK0 - 1)];

case GB_REGION_WORKING_RAM_BANK1:
if (segment < 0) {
return memory->wramBank[address & (GB_SIZE_WORKING_RAM_BANK0 - 1)];
- } else {
+ } else if (segment < 8) {
return memory->wram[(address & (GB_SIZE_WORKING_RAM_BANK0 - 1)) + segment *GB_SIZE_WORKING_RAM_BANK0];
+ } else {
+ return 0xFF;
}
default:
if (address < GB_BASE_OAM) {
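Review bot: The bank limit on the new `} else if (segment < 8) {` is a bare literal, whereas the ROM and SRAM checks added in the same change derive their limit from the buffer size, so a reader has to already know that wram holds eight GB_SIZE_WORKING_RAM_BANK0 banks to judge it. If memory.h defines a total-size constant next to GB_SIZE_WORKING_RAM_BANK0, `(size_t) segment * GB_SIZE_WORKING_RAM_BANK0 < <total WRAM size>` keeps all the segment checks in one form; otherwise a comment such as `// wram holds 8 banks of GB_SIZE_WORKING_RAM_BANK0` on this line would do. The same applies to the write-side `segment < 8` in the hunk at -531,9 and to the `segment < 2` VRAM checks in the hunks at -262,18 and -513,9.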

@@ -500,12 +505,11 @@ _pristineCow(gb);

if (segment < 0) {
oldValue = memory->romBank[address & (GB_SIZE_CART_BANK0 - 1)];
memory->romBank[address & (GB_SIZE_CART_BANK0 - 1)] = value;
- } else {
- if ((size_t) segment * GB_SIZE_CART_BANK0 >= memory->romSize) {
- return;
- }
+ } else if ((size_t) segment * GB_SIZE_CART_BANK0 < memory->romSize) {
oldValue = memory->rom[(address & (GB_SIZE_CART_BANK0 - 1)) + segment * GB_SIZE_CART_BANK0];
memory->rom[(address & (GB_SIZE_CART_BANK0 - 1)) + segment * GB_SIZE_CART_BANK0] = value;
+ } else {
+ return;
}
break;
case GB_REGION_VRAM:

@@ -513,9 +517,11 @@ case GB_REGION_VRAM + 1:

if (segment < 0) {
oldValue = gb->video.vramBank[address & (GB_SIZE_VRAM_BANK0 - 1)];
gb->video.vramBank[address & (GB_SIZE_VRAM_BANK0 - 1)] = value;
- } else {
+ } else if (segment < 2) {
oldValue = gb->video.vram[(address & (GB_SIZE_VRAM_BANK0 - 1)) + segment * GB_SIZE_VRAM_BANK0];
gb->video.vramBank[(address & (GB_SIZE_VRAM_BANK0 - 1)) + segment * GB_SIZE_VRAM_BANK0] = value;
+ } else {
+ return;
}
break;
case GB_REGION_EXTERNAL_RAM:
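Review bot: The new `} else if (segment < 2) {` bounds the segment, but the store on the line after `oldValue` still writes through `gb->video.vramBank[... + segment * GB_SIZE_VRAM_BANK0]` while `oldValue` is read from `gb->video.vram[...]` with the same index, so the byte reported as the old value and the byte actually patched are not the same one. If vramBank points into vram at the currently selected bank, as the `segment < 0` branch suggests, then with bank 1 selected and segment 1 the store lands a full bank beyond the end of vram, which the added check does not prevent. Changing the store to `gb->video.vram[(address & (GB_SIZE_VRAM_BANK0 - 1)) + segment * GB_SIZE_VRAM_BANK0] = value;` makes it agree with both the read above it and the read-side hunk at -262,18. The enclosing patch function starts before this hunk and continues after it.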

@@ -531,9 +537,11 @@ case GB_REGION_WORKING_RAM_BANK1:

if (segment < 0) {
oldValue = memory->wramBank[address & (GB_SIZE_WORKING_RAM_BANK0 - 1)];
memory->wramBank[address & (GB_SIZE_WORKING_RAM_BANK0 - 1)] = value;
- } else {
+ } else if (segment < 8) {
oldValue = memory->wram[(address & (GB_SIZE_WORKING_RAM_BANK0 - 1)) + segment * GB_SIZE_WORKING_RAM_BANK0];
memory->wram[(address & (GB_SIZE_WORKING_RAM_BANK0 - 1)) + segment * GB_SIZE_WORKING_RAM_BANK0] = value;
+ } else {
+ return;
}
break;
default: