From dfdbff7304fead42832574bf06eb48bf67bb03d0 Mon Sep 17 00:00:00 2001 From: Lior Halphon Date: Tue, 13 Apr 2021 16:01:44 +0300 Subject: [PATCH] Allow writes to the $a000-$bfff range in the MBC block --- BESS.md | 2 +- Core/save_state.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/BESS.md b/BESS.md index 9ad36ff0..25952198 100644 --- a/BESS.md +++ b/BESS.md @@ -132,7 +132,7 @@ This block contains an MBC-specific number of 3-byte-long pairs that represent t | 0x9 | The value 0x4000 as a 16-bit integer | | 0xB | The current RAM bank | -An implementation should parse this block as a series of writes to be made. Values outside the `0x0000-0x7FFF` range are not allowed. +An implementation should parse this block as a series of writes to be made. Values outside the `0x0000-0x7FFF` and `0xA000-0xBFFF` ranges are not allowed. #### RTC block The RTC block uses the `'RTC '` identifier, and is an optional block that is used while emulating an MBC3 with an RTC. The contents of this block are identical to 64-bit RTC saves from VBA, which are also used by SameBoy and different emulators such as BGB. diff --git a/Core/save_state.c b/Core/save_state.c index d38bd25d..f279b614 100644 --- a/Core/save_state.c +++ b/Core/save_state.c @@ -916,7 +916,8 @@ static int load_bess_save(GB_gameboy_t *gb, virtual_file_t *file, bool is_samebo for (unsigned i = LE32(block.size); i > 0; i -= 3) { BESS_MBC_pair_t pair; file->read(file, &pair, sizeof(pair)); - if (LE16(pair.address) >= 0x8000) goto parse_error; + if (LE16(pair.address) >= 0x8000 && LE16(pair.address) < 0xA000) goto parse_error; + if (LE16(pair.address) >= 0xC000) goto parse_error; GB_write_memory(&save, LE16(pair.address), pair.value); } break;