From 7b1af20be49982e2a39a23d2e8ba2be93e541ece Mon Sep 17 00:00:00 2001 From: zeromus Date: Mon, 27 Apr 2009 21:08:17 +0000 Subject: [PATCH] gfx3d: fix condition where matrices could be read/write out of bounds of the matrix stack, clobbering some other variable in the emulator --- desmume/src/gfx3d.cpp | 4 ++++ desmume/src/matrix.cpp | 3 +++ 2 files changed, 7 insertions(+) diff --git a/desmume/src/gfx3d.cpp b/desmume/src/gfx3d.cpp index be7c24b41..e61cffb14 100644 --- a/desmume/src/gfx3d.cpp +++ b/desmume/src/gfx3d.cpp @@ -414,6 +414,8 @@ void gfx3d_glStoreMatrix(u32 v) if(mymode==0) v = 0; + if(v==31) v=30; //? what should happen in this case? + MatrixStackLoadMatrix (&mtxStack[mymode], v&31, mtxCurrent[mymode]); if(mymode==2) MatrixStackLoadMatrix (&mtxStack[1], v&31, mtxCurrent[1]); @@ -428,6 +430,8 @@ void gfx3d_glRestoreMatrix(u32 v) if(mymode==0) v = 0; + if(v==31) v=30; //? what should happen in this case? + MatrixCopy (mtxCurrent[mymode], MatrixStackGetPos(&mtxStack[mymode], v&31)); if (mymode == 2) MatrixCopy (mtxCurrent[1], MatrixStackGetPos(&mtxStack[1], v&31)); diff --git a/desmume/src/matrix.cpp b/desmume/src/matrix.cpp index 2f9cf21d0..d9c3bd780 100644 --- a/desmume/src/matrix.cpp +++ b/desmume/src/matrix.cpp @@ -22,6 +22,7 @@ #include #include #include +#include #include "matrix.h" extern "C" { @@ -213,6 +214,7 @@ float * MatrixStackPopMatrix (MatrixStack *stack, int size) float * MatrixStackGetPos (MatrixStack *stack, int pos) { + assert(pos<31); return &stack->matrix[pos*16]; } @@ -223,6 +225,7 @@ float * MatrixStackGet (MatrixStack *stack) void MatrixStackLoadMatrix (MatrixStack *stack, int pos, const float *ptr) { + assert(pos<31); MatrixCopy (&stack->matrix[pos*16], ptr); }
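Review bot: In gfx3d_glStoreMatrix the new guard `if(v==31) v=30;` tests the unmasked `v`, while the index actually passed on is `v&31`, so a `u32` whose low five bits are all set but which is not exactly 31 (63, for example) skips the guard and still selects slot 31. Unless `v` is already masked somewhere outside this hunk, mask before comparing: `v &= 31; if(v==31) v=30;`. The identical guard in the gfx3d_glRestoreMatrix hunk needs the same change. Both function bodies start and end outside their hunks, so an earlier mask cannot be ruled out from here.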
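Review bot: `assert(pos<31);` in MatrixStackGetPos is the only bound on `&stack->matrix[pos*16]`, and it is compiled out when NDEBUG is defined, so release builds still index the stack unchecked. It also lets a negative `pos` through (`pos` is a signed `int`) and hard-codes 31 instead of using the stack's own capacity. Keep the assert for debug builds but add a check that survives release builds, for example `if(pos<0 || pos>=31) pos = 0;` before the return. MatrixStackLoadMatrix in the following hunk has the same problem and could bail out early with `if(pos<0 || pos>=31) return;`. Whether every MatrixStack really holds 31 matrices is not visible in this patch and should be confirmed.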