

Check for some invalid memory regions before performing BIOS decompression routines
Jeffrey Pfau jeffrey@endrift.com
Sun, 13 Oct 2013 20:12:30 -0700
commit

9430040cb3f3ebab2e927fa34dc9a2b7580b7e2b

parent

67007ee002cc9c487e820bf820c8e329590a3d1c

1 files changed, 15 insertions(+), 3 deletions(-)

M src/gba/gba-bios.csrc/gba/gba-bios.c

@@ -245,6 +245,10 @@ _ObjAffineSet(gba);

 break;
 case 0x11:
 case 0x12:
+if (gba->cpu.gprs[0] < BASE_WORKING_RAM) {
+GBALog(gba, GBA_LOG_GAME_ERROR, "Bad LZ77 source");
+break;
+}
 switch (gba->cpu.gprs[1] >> BASE_OFFSET) {
 case REGION_WORKING_RAM:
 _unLz77(&gba->memory, gba->cpu.gprs[0], &((uint8_t*) gba->memory.wram)[(gba->cpu.gprs[1] & (SIZE_WORKING_RAM - 1))]);
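Review bot: The added guard bounds only the start of the source address, while the destination write on the last line of the hunk is still unbounded — the wram pointer is masked to a valid offset inside the region, but the decompressed length comes from the header the routine reads at gprs[0], so a crafted header can make _unLz77 write past the end of the host wram buffer (the same holds for the vram case and for the Huffman and RL hunks at @@ -256 and @@ -272). Whether _unLz77 itself clamps its writes is not visible here; if it does not, pass the remaining capacity of the region alongside the pointer, e.g. `SIZE_WORKING_RAM - (gba->cpu.gprs[1] & (SIZE_WORKING_RAM - 1))`, and have the routine stop when it is exhausted. Source reads are given &gba->memory and an address rather than a host pointer, so they presumably stay on the emulated bus, which is why only a lower bound is needed there. The enclosing switch and function start and end outside the hunk.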

@@ -256,11 +260,15 @@ case REGION_VRAM:

 _unLz77(&gba->memory, gba->cpu.gprs[0], &((uint8_t*) gba->video.renderer->vram)[(gba->cpu.gprs[1] & 0x0001FFFF)]);
 break;
 default:
-GBALog(gba, GBA_LOG_WARN, "Bad LZ77 destination");
+GBALog(gba, GBA_LOG_GAME_ERROR, "Bad LZ77 destination");
 break;
 }
 break;
 case 0x13:
+if (gba->cpu.gprs[0] < BASE_WORKING_RAM) {
+GBALog(gba, GBA_LOG_GAME_ERROR, "Bad Huffman source");
+break;
+}
 switch (gba->cpu.gprs[1] >> BASE_OFFSET) {
 case REGION_WORKING_RAM:
 _unHuffman(&gba->memory, gba->cpu.gprs[0], &((uint32_t*) gba->memory.wram)[(gba->cpu.gprs[1] & (SIZE_WORKING_RAM - 3)) >> 2]);
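Review bot: The new four-line source guard before `case 0x13`'s switch is the same block as in the LZ77 hunk above and the RL hunk below, differing only in the log string, so the three checks will drift apart the first time one of them is tightened. A small `static` helper taking gba and the routine name, returning whether gprs[0] is acceptable and doing the GBALog call itself, would keep the policy in one place; if GBALog accepts a printf-style format the string can become `"Bad %s source"`, otherwise keep three literals. The enclosing switch and function start and end outside the hunk.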

@@ -272,12 +280,16 @@ case REGION_VRAM:

 _unHuffman(&gba->memory, gba->cpu.gprs[0], &((uint32_t*) gba->video.renderer->vram)[(gba->cpu.gprs[1] & 0x0001FFFC) >> 2]);
 break;
 default:
-GBALog(gba, GBA_LOG_WARN, "Bad Huffman destination");
+GBALog(gba, GBA_LOG_GAME_ERROR, "Bad Huffman destination");
 break;
 }
 break;
 case 0x14:
 case 0x15:
+if (gba->cpu.gprs[0] < BASE_WORKING_RAM) {
+GBALog(gba, GBA_LOG_GAME_ERROR, "Bad RL source");
+break;
+}
 switch (gba->cpu.gprs[1] >> BASE_OFFSET) {
 case REGION_WORKING_RAM:
 _unRl(&gba->memory, gba->cpu.gprs[0], &((uint8_t*) gba->memory.wram)[(gba->cpu.gprs[1] & (SIZE_WORKING_RAM - 1))]);

@@ -289,7 +301,7 @@ case REGION_VRAM:

 _unRl(&gba->memory, gba->cpu.gprs[0], &((uint8_t*) gba->video.renderer->vram)[(gba->cpu.gprs[1] & 0x0001FFFF)]);
 break;
 default:
-GBALog(gba, GBA_LOG_WARN, "Bad RL destination");
+GBALog(gba, GBA_LOG_GAME_ERROR, "Bad RL destination");
 break;
 }
 break;