M CHANGES → CHANGES

@@ -7,6 +7,7 @@ - Qt: Fix open ROM dialog filtering for archive formats
  - ARM7: Fix Thumb MUL timing
  - GBA: Cap audio FIFO read size during deserialization
  - GBA: Check for corrupted savestates when loading
+ - GBA: Check for improperly sized savestates when loading
 Misc:
  - All: Fix sanitize-deb script to set file permissions properly if run as (fake)root
  - All: Enable static linking for Windows

M src/gba/serialize.c → src/gba/serialize.c

@@ -250,6 +250,9 @@ if (isPNG(vf)) {
 		return _loadPNGState(gba, vf);
 	}
 	#endif
+	if (vf->size(vf) < (ssize_t) sizeof(struct GBASerializedState)) {
+		return false;
+	}
 	struct GBASerializedState* state = vf->map(vf, sizeof(struct GBASerializedState), MAP_READ);
 	if (!state) {
 		return false;