From e311eea1c5567fb72710cbc862ff5b2d853fe456 Mon Sep 17 00:00:00 2001
From: RSDuck
Date: Thu, 7 Jan 2021 18:32:28 +0100
Subject: [PATCH] fix out of bounds read

---
 src/GPU.cpp             | 3 ++-
 src/GPU.h               | 3 ---
 src/NonStupidBitfield.h | 7 ++++++-
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/GPU.cpp b/src/GPU.cpp
index ed73e297..2b61b4c8 100644
--- a/src/GPU.cpp
+++ b/src/GPU.cpp
@@ -638,6 +638,7 @@ void MapVRAM_CD(u32 bank, u8 cnt)
     case 2: // ARM7 VRAM
         ofs &= 0x1;
         VRAMMap_ARM7[ofs] |= bankmask;
+        memset(VRAMDirty[bank].Data, 0xFF, sizeof(VRAMDirty[bank].Data));
         VRAMSTAT |= (1 << (bank-2));
         break;

@@ -1177,6 +1178,7 @@ NonStupidBitField VRAMTrackingSet(i*VRAMBitsPerMapping, VRAMBitsPerMapping); banksToBeZeroed |= currentMappings[i]; Mapping[i] = currentMappings[i];
@@ -1265,7 +1267,6 @@ void SyncDirtyFlags()
     SyncDirtyFlags(VRAMMap_AOBJ, VRAMWritten_AOBJ);
     SyncDirtyFlags(VRAMMap_BBG, VRAMWritten_BBG);
     SyncDirtyFlags(VRAMMap_BOBJ, VRAMWritten_BOBJ);
-    SyncDirtyFlags(VRAMMap_ARM7, VRAMWritten_ARM7);
 }

 template
diff --git a/src/GPU.h b/src/GPU.h
index 1bbb9fe2..cf2fe7d9 100644
--- a/src/GPU.h
+++ b/src/GPU.h
@@ -80,7 +80,6 @@ extern NonStupidBitField<512*1024/VRAMDirtyGranularity> VRAMWritten_ABG;
 extern NonStupidBitField<256*1024/VRAMDirtyGranularity> VRAMWritten_AOBJ;
 extern NonStupidBitField<128*1024/VRAMDirtyGranularity> VRAMWritten_BBG;
 extern NonStupidBitField<128*1024/VRAMDirtyGranularity> VRAMWritten_BOBJ;
-extern NonStupidBitField<256*1024/VRAMDirtyGranularity> VRAMWritten_ARM7;

 extern NonStupidBitField<128*1024/VRAMDirtyGranularity> VRAMDirty[9];

@@ -458,8 +457,6 @@ void WriteVRAM_ARM7(u32 addr, T val)
 {
     u32 mask = VRAMMap_ARM7[(addr >> 17) & 0x1];

-    VRAMWritten_ARM7[(addr & 0x1FFFF) / VRAMDirtyGranularity] = true;
-
     if (mask & (1<<2)) *(T*)&VRAM_C[addr & 0x1FFFF] = val;
     if (mask & (1<<3)) *(T*)&VRAM_D[addr & 0x1FFFF] = val;
 }
diff --git a/src/NonStupidBitfield.h b/src/NonStupidBitfield.h
index 124ba76f..22e13a96 100644
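Review bot: The new `memset(VRAMDirty[bank].Data, 0xFF, sizeof(VRAMDirty[bank].Data));` in the `case 2: // ARM7 VRAM` branch carries no explanation of why the whole bank is flagged dirty at map time, while the other cases of this switch presumably rely on per-write tracking. Since the same commit drops `VRAMWritten_ARM7` and the write-side flagging in `WriteVRAM_ARM7` (GPU.h), the intent appears to be that ARM7 writes are no longer dirty-tracked and a bank handed to the ARM7 is treated as entirely dirty; a comment would make that explicit, e.g. `// ARM7 writes are not dirty-tracked: mark the whole bank dirty so a later remap to a 2D engine re-uploads it`. If GPU.cpp does not already include <cstring>, the new memset call also needs it. MapVRAM_CD begins and ends outside this hunk.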
--- a/src/NonStupidBitfield.h
+++ b/src/NonStupidBitfield.h
@@ -51,9 +51,14 @@ struct NonStupidBitField
     template
     void Next()
     {
-        while (RemainingBits == 0 && DataIdx < DataLength)
+        if (DataIdx >= DataLength)
+            return;
+
+        while (RemainingBits == 0)
         {
             DataIdx += sizeof(T);
+            if (DataIdx >= DataLength)
+                return;
             RemainingBits = *(T*)&BitField.Data[DataIdx];
         }