GB Video: Prevent BCPS and OCPS from going negative
Jeffrey Pfau jeffrey@endrift.com
Tue, 13 Sep 2016 08:52:41 -0700
2 files changed,
10 insertions(+),
0 deletions(-)
M
src/gb/serialize.c
→
src/gb/serialize.c
@@ -142,6 +142,14 @@ if (ucheck16 + state->memory.dmaRemaining > GB_SIZE_OAM) {
mLOG(GB_STATE, WARN, "Savestate is corrupted: DMA destination is out of range"); error = true; } + LOAD_16LE(ucheck16, 0, &state->video.bcpIndex); + if (ucheck16 >= 0x40) { + mLOG(GB_STATE, WARN, "Savestate is corrupted: BCPS is out of range"); + } + LOAD_16LE(ucheck16, 0, &state->video.ocpIndex); + if (ucheck16 >= 0x40) { + mLOG(GB_STATE, WARN, "Savestate is corrupted: OCPS is out of range"); + } if (error) { return false; }
M
src/gb/video.c
→
src/gb/video.c
@@ -482,7 +482,9 @@ GBSerializedVideoFlags flags = state->video.flags;
video->bcpIncrement = GBSerializedVideoFlagsGetBcpIncrement(flags); video->ocpIncrement = GBSerializedVideoFlagsGetOcpIncrement(flags); LOAD_16LE(video->bcpIndex, 0, &state->video.bcpIndex); + video->bcpIndex &= 0x3F; LOAD_16LE(video->ocpIndex, 0, &state->video.ocpIndex); + video->ocpIndex &= 0x3F; size_t i; for (i = 0; i < 64; ++i) {