diff --git a/Source/Core/Core/HW/GCMemcard/GCMemcardRaw.cpp b/Source/Core/Core/HW/GCMemcard/GCMemcardRaw.cpp index a622b1145e..f5a3f6a8ba 100644 --- a/Source/Core/Core/HW/GCMemcard/GCMemcardRaw.cpp +++ b/Source/Core/Core/HW/GCMemcard/GCMemcardRaw.cpp @@ -169,7 +169,7 @@ void MemoryCard::MakeDirty() s32 MemoryCard::Read(u32 src_address, s32 length, u8* dest_address) { - if (!IsAddressInBounds(src_address)) + if (!IsAddressInBounds(src_address, length)) { PanicAlertFmtT("MemoryCard: Read called with invalid source address ({0:#x})", src_address); return -1; @@ -181,7 +181,7 @@ s32 MemoryCard::Read(u32 src_address, s32 length, u8* dest_address) s32 MemoryCard::Write(u32 dest_address, s32 length, const u8* src_address) { - if (!IsAddressInBounds(dest_address)) + if (!IsAddressInBounds(dest_address, length)) { PanicAlertFmtT("MemoryCard: Write called with invalid destination address ({0:#x})", dest_address); @@ -198,7 +198,7 @@ s32 MemoryCard::Write(u32 dest_address, s32 length, const u8* src_address) void MemoryCard::ClearBlock(u32 address) { - if (address & (Memcard::BLOCK_SIZE - 1) || !IsAddressInBounds(address)) + if (address & (Memcard::BLOCK_SIZE - 1) || !IsAddressInBounds(address, Memcard::BLOCK_SIZE)) { PanicAlertFmtT("MemoryCard: ClearBlock called on invalid address ({0:#x})", address); return; diff --git a/Source/Core/Core/HW/GCMemcard/GCMemcardRaw.h b/Source/Core/Core/HW/GCMemcard/GCMemcardRaw.h index c6c85313e8..3138899667 100644 --- a/Source/Core/Core/HW/GCMemcard/GCMemcardRaw.h +++ b/Source/Core/Core/HW/GCMemcard/GCMemcardRaw.h @@ -30,7 +30,11 @@ public: void DoState(PointerWrap& p) override; private: - bool IsAddressInBounds(u32 address) const { return address <= (m_memory_card_size - 1); } + bool IsAddressInBounds(u32 address, u32 length) const + { + u64 end_address = static_cast(address) + static_cast(length); + return end_address <= static_cast(m_memory_card_size); + } std::string m_filename; std::unique_ptr m_memcard_data;