From 3b8737d2d7172ae62ae9135e4c9942dde1f47d13 Mon Sep 17 00:00:00 2001
From: timetravelthree
Date: Fri, 8 Dec 2023 09:51:32 -0900
Subject: [PATCH] Fix out of bound write in EfbCopy::ClearEfb
---
 Source/Core/VideoBackends/Software/EfbCopy.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/Source/Core/VideoBackends/Software/EfbCopy.cpp b/Source/Core/VideoBackends/Software/EfbCopy.cpp
index c23ca5622c..15a3fb3a02 100644
--- a/Source/Core/VideoBackends/Software/EfbCopy.cpp
+++ b/Source/Core/VideoBackends/Software/EfbCopy.cpp
@@ -3,6 +3,8 @@
 #include "VideoBackends/Software/EfbCopy.h"
+#include
+
 #include "Common/CommonTypes.h"
 #include "Common/Logging/Log.h"
 #include "Core/HW/Memmap.h"
@@ -11,6 +13,7 @@
 #include "VideoCommon/BPMemory.h"
 #include "VideoCommon/Fifo.h"
+#include "VideoCommon/VideoCommon.h"
 namespace EfbCopy {
@@ -21,8 +24,8 @@ void ClearEfb()
 int left = bpmem.copyTexSrcXY.x;
 int top = bpmem.copyTexSrcXY.y;
- int right = left + bpmem.copyTexSrcWH.x;
- int bottom = top + bpmem.copyTexSrcWH.y;
+ int right = std::min(left + bpmem.copyTexSrcWH.x, EFB_WIDTH - 1);
+ int bottom = std::min(top + bpmem.copyTexSrcWH.y, EFB_HEIGHT - 1);
 for (u16 y = top; y <= bottom; y++) {
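Review bot: The clamp on `right` and `bottom` in ClearEfb has no comment explaining why the limit is `EFB_WIDTH - 1` / `EFB_HEIGHT - 1` rather than the full dimension; the reason is that the visible loop uses `y <= bottom`, so both edges are inclusive. `left` and `top` are still read from `bpmem.copyTexSrcXY` unclamped, which is safe only because a start past the clamped edge makes the loop run zero times, and a later change to the loop bounds would silently undo that. I would add above the two lines `// Copy rect comes from BP registers (presumably guest-written); right/bottom are inclusive, so clamp to the last valid EFB pixel.` The inner x loop and the write itself are outside the hunk, so it should be confirmed there that the x loop uses the same inclusive `<=` bound.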