fix out of bounds read

This commit is contained in:
RSDuck 2021-01-07 18:32:28 +01:00
parent 1d8e302c13
commit e311eea1c5
3 changed files with 8 additions and 5 deletions

View File

@ -638,6 +638,7 @@ void MapVRAM_CD(u32 bank, u8 cnt)
case 2: // ARM7 VRAM
ofs &= 0x1;
VRAMMap_ARM7[ofs] |= bankmask;
memset(VRAMDirty[bank].Data, 0xFF, sizeof(VRAMDirty[bank].Data));
VRAMSTAT |= (1 << (bank-2));
break;
@ -1177,6 +1178,7 @@ NonStupidBitField<Size/VRAMDirtyGranularity> VRAMTrackingSet<Size, MappingGranul
{
if (currentMappings[i] != Mapping[i])
{
printf("remapped %x %x\n", currentMappings[i], Mapping[i]);
result |= NonStupidBitField<Size/VRAMDirtyGranularity>(i*VRAMBitsPerMapping, VRAMBitsPerMapping);
banksToBeZeroed |= currentMappings[i];
Mapping[i] = currentMappings[i];
@ -1265,7 +1267,6 @@ void SyncDirtyFlags()
SyncDirtyFlags(VRAMMap_AOBJ, VRAMWritten_AOBJ);
SyncDirtyFlags(VRAMMap_BBG, VRAMWritten_BBG);
SyncDirtyFlags(VRAMMap_BOBJ, VRAMWritten_BOBJ);
SyncDirtyFlags(VRAMMap_ARM7, VRAMWritten_ARM7);
}
template <u32 MappingGranularity, u32 Size>

View File

@ -80,7 +80,6 @@ extern NonStupidBitField<512*1024/VRAMDirtyGranularity> VRAMWritten_ABG;
extern NonStupidBitField<256*1024/VRAMDirtyGranularity> VRAMWritten_AOBJ;
extern NonStupidBitField<128*1024/VRAMDirtyGranularity> VRAMWritten_BBG;
extern NonStupidBitField<128*1024/VRAMDirtyGranularity> VRAMWritten_BOBJ;
extern NonStupidBitField<256*1024/VRAMDirtyGranularity> VRAMWritten_ARM7;
extern NonStupidBitField<128*1024/VRAMDirtyGranularity> VRAMDirty[9];
@ -458,8 +457,6 @@ void WriteVRAM_ARM7(u32 addr, T val)
{
u32 mask = VRAMMap_ARM7[(addr >> 17) & 0x1];
VRAMWritten_ARM7[(addr & 0x1FFFF) / VRAMDirtyGranularity] = true;
if (mask & (1<<2)) *(T*)&VRAM_C[addr & 0x1FFFF] = val;
if (mask & (1<<3)) *(T*)&VRAM_D[addr & 0x1FFFF] = val;
}

View File

@ -51,9 +51,14 @@ struct NonStupidBitField
template <typename T>
void Next()
{
while (RemainingBits == 0 && DataIdx < DataLength)
if (DataIdx >= DataLength)
return;
while (RemainingBits == 0)
{
DataIdx += sizeof(T);
if (DataIdx >= DataLength)
return;
RemainingBits = *(T*)&BitField.Data[DataIdx];
}