From b506bdc4018095dc4bc612a5b12837b3dfeb2d76 Mon Sep 17 00:00:00 2001
From: Nicola Vella <nicola.vella@hotmail.com>
Date: Sun, 8 Oct 2023 11:37:43 +0200
Subject: [PATCH] Fix heap buffer overflow in GCMemcardRaw

---
 Source/Core/Core/HW/GCMemcard/GCMemcardRaw.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Source/Core/Core/HW/GCMemcard/GCMemcardRaw.h b/Source/Core/Core/HW/GCMemcard/GCMemcardRaw.h
index 067f795401..3138899667 100644
--- a/Source/Core/Core/HW/GCMemcard/GCMemcardRaw.h
+++ b/Source/Core/Core/HW/GCMemcard/GCMemcardRaw.h
@@ -30,7 +30,11 @@ public:
   void DoState(PointerWrap& p) override;
 
 private:
-  bool IsAddressInBounds(u32 address, u32 length) const { return address + length <= (m_memory_card_size - 1); }
+  bool IsAddressInBounds(u32 address, u32 length) const
+  {
+    u64 end_address = static_cast<u64>(address) + static_cast<u64>(length);
+    return end_address <= static_cast<u64>(m_memory_card_size);
+  }
 
   std::string m_filename;
   std::unique_ptr<u8[]> m_memcard_data;