CHR size < 1k allows NES program to corrupt memory because VPage is 1k granularity

returning 0 from iNES_Init is not ideal, error is "unsupported mapper" but at least it's an error
also adding CHRmask1/2/4/8 fallback, not sure if needed but looks suspicious for <8k
bbbradsmith 2020-05-02 00:20:44 -04:00
parent 747fba7711
commit e8597862f1
2 changed files with 6 additions and 0 deletions


@ -132,6 +132,11 @@ void SetupCartCHRMapping(int chip, uint8 *p, uint32 size, int ram) {
CHRmask4[chip] = (size >> 12) - 1; CHRmask4[chip] = (size >> 12) - 1;
CHRmask8[chip] = (size >> 13) - 1; CHRmask8[chip] = (size >> 13) - 1;
if (CHRmask1[chip] >= (unsigned int)(-1)) CHRmask1[chip] = 0;
if (CHRmask2[chip] >= (unsigned int)(-1)) CHRmask2[chip] = 0;
if (CHRmask4[chip] >= (unsigned int)(-1)) CHRmask4[chip] = 0;
if (CHRmask8[chip] >= (unsigned int)(-1)) CHRmask8[chip] = 0;
CHRram[chip] = ram; CHRram[chip] = ram;
} }
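Review bot: Clamping a wrapped mask to 0 fixes the bank index but not the bank width: with `size` under 8k, `CHRmask8[chip] = 0` still selects bank 0 as a full 8k window over a buffer `p` that is shorter than that, and the same holds for the 2k and 4k masks. The start of SetupCartCHRMapping and the bank setters that consume these masks are outside this hunk, so this is inferred, but if they map a whole bank starting at `p`, the emulated program can still reach memory past the end of the buffer. Rejecting or rounding up an undersized `size` here would enforce the invariant for every caller, whereas the `CHRRAMSize < 1024` check in iNES_Init covers only that one path. The wrap test would also read more plainly as a guard before the subtraction, e.g. `CHRmask8[chip] = (size >> 13) ? (size >> 13) - 1 : 0;`, which does not depend on the element type of the mask arrays.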


@ -1017,6 +1017,7 @@ static int iNES_Init(int num) {
{ {
CHRRAMSize = iNESCart.battery_vram_size + iNESCart.vram_size; CHRRAMSize = iNESCart.battery_vram_size + iNESCart.vram_size;
} }
if (CHRRAMSize < 1024) return 0; // unsupported size, VPage only goes down to 1k banks, NES program can corrupt memory if used
if ((VROM = (uint8*)FCEU_dmalloc(CHRRAMSize)) == NULL) return 0; if ((VROM = (uint8*)FCEU_dmalloc(CHRRAMSize)) == NULL) return 0;
FCEU_MemoryRand(VROM, CHRRAMSize); FCEU_MemoryRand(VROM, CHRRAMSize);