From 7d53916466176663df7a122e664441fbcd18c080 Mon Sep 17 00:00:00 2001
From: "Admiral H. Curtiss" <pikachu025@gmail.com>
Date: Sat, 9 Dec 2023 15:42:15 +0100
Subject: [PATCH] HW/CEXIIPL: Respect bounds in LoadFileToIPL().

---
 Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp b/Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp
index dddcee0077..197c0735d6 100644
--- a/Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp
+++ b/Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp
@@ -159,13 +159,18 @@ void CEXIIPL::DoState(PointerWrap& p)
 
 bool CEXIIPL::LoadFileToIPL(const std::string& filename, u32 offset)
 {
+  if (offset >= ROM_SIZE)
+    return false;
+
   File::IOFile stream(filename, "rb");
   if (!stream)
     return false;
 
-  u64 filesize = stream.GetSize();
+  const u64 filesize = stream.GetSize();
+  if (offset >= filesize)
+    return false;
 
-  if (!stream.ReadBytes(&m_rom[offset], filesize))
+  if (!stream.ReadBytes(&m_rom[offset], std::min<u64>(filesize, ROM_SIZE) - offset))
     return false;
 
   m_fonts_loaded = true;