Core: Fix IPL device m_cursor overflow

Not sure if the behavior I'm implementing here is what real hardware
does, but since this is a buffer overflow, I'd like to get it fixed
quickly. Hardware verification can happen later.

https://bugs.dolphin-emu.org/issues/13506
This commit is contained in:
JosJuice 2024-03-25 18:03:11 +01:00
parent d57c68a625
commit 06329ecfc7
1 changed files with 4 additions and 0 deletions

View File

@ -320,6 +320,8 @@ void CEXIIPL::TransferByte(u8& data)
if (!m_command.is_write())
{
u32 dev_addr = address - ROM_BASE + m_cursor++;
// TODO: Is this address wrapping correct? Needs a hardware test
dev_addr %= ROM_SIZE;
// Technically we should descramble here iff descrambling logic is enabled.
// At the moment, we pre-decrypt the whole thing and
// ignore the "enabled" bit - see CEXIIPL::CEXIIPL
@ -346,6 +348,8 @@ void CEXIIPL::TransferByte(u8& data)
{
auto& sram = m_system.GetSRAM();
u32 dev_addr = address - SRAM_BASE + m_cursor++;
// TODO: Is this address wrapping correct? Needs a hardware test
dev_addr %= SRAM_SIZE;
if (m_command.is_write())
sram[dev_addr] = data;
else