Merge pull request #7765 from AdmiralCurtiss/fzero-save-file-out-of-bounds

GCMemcard: Fix out of bounds access in F-Zero GX checksum calculation.

Source/Core/Core/HW/GCMemcard/GCMemcard.cpp

@@ -1277,12 +1277,15 @@ s32 GCMemcard::FZEROGX_MakeSaveGameValid(const Header& cardheader, const DEntry&
   u32 i, j;
   u32 serial1, serial2;
   u16 chksum = 0xFFFF;
-  int block = 0;
 
   // check for F-Zero GX system file
   if (strcmp(reinterpret_cast<const char*>(direntry.m_filename.data()), "f_zero.dat") != 0)
     return 0;
 
+  // also make sure that the filesize is correct
+  if (FileBuffer.size() != 4)
+    return 0;
+
   // get encrypted destination memory card serial numbers
   cardheader.CARD_GetSerialNo(&serial1, &serial2);
 
@@ -1295,7 +1298,9 @@ s32 GCMemcard::FZEROGX_MakeSaveGameValid(const Header& cardheader, const DEntry&
   // calc 16-bit checksum
   for (i = 0x02; i < 0x8000; i++)
   {
-    chksum ^= (FileBuffer[block].m_block[i - (block * 0x2000)] & 0xFF);
+    const int block = i / 0x2000;
+    const int offset = i % 0x2000;
+    chksum ^= (FileBuffer[block].m_block[offset] & 0xFF);
     for (j = 8; j > 0; j--)
     {
       if (chksum & 1)
@@ -1303,8 +1308,6 @@ s32 GCMemcard::FZEROGX_MakeSaveGameValid(const Header& cardheader, const DEntry&
       else
         chksum >>= 1;
     }
-    if (!(i % 0x2000))
-      block++;
   }
 
   // set new checksum