From 05e9175fc22de9244c52a097180471d09677986b Mon Sep 17 00:00:00 2001
From: Jeffrey Pfau
Date: Thu, 1 Oct 2015 22:16:22 -0700
Subject: [PATCH] GBA: Add DMA timer check to savestate loading
---
 CHANGES | 1 +
 src/gba/serialize.c | 4 ++++
 2 files changed, 5 insertions(+)
diff --git a/CHANGES b/CHANGES
index 06c95e5f3..98c9c29b0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -24,6 +24,7 @@ Misc:
 - Qt: Disable menu items in multiplayer that don't make sense to have enabled
 - Qt: Dropping multiplayer windows works more cleanly now
 - GBA BIOS: Implement RegisterRamReset for SIO registers
+ - GBA: Additional savestate sanity checks
 0.3.0: (2015-08-16)
 Features:
diff --git a/src/gba/serialize.c b/src/gba/serialize.c
index 8abf2b665..191dca260 100644
--- a/src/gba/serialize.c
+++ b/src/gba/serialize.c
@@ -107,6 +107,10 @@ bool GBADeserialize(struct GBA* gba, const struct GBASerializedState* state) {
 GBALog(gba, GBA_LOG_WARN, "Savestate is corrupted: timer nextEvent is negative");
 error = true;
 }
+ if (state->dma[0].nextEvent < 0 || state->dma[1].nextEvent < 0 || state->dma[2].nextEvent < 0 || state->dma[3].nextEvent < 0) {
+ GBALog(gba, GBA_LOG_WARN, "Savestate is corrupted: DMA nextEvent is negative");
+ error = true;
+ }
 if (state->audio.eventDiff < 0) {
 GBALog(gba, GBA_LOG_WARN, "Savestate is corrupted: audio eventDiff is negative");
 error = true;
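Review bot: The added DMA check in GBADeserialize writes out all four channels in one `||` chain and logs a single generic message, so the warning does not say which channel of the savestate was bad, and the channel count is baked into the condition. A loop over `state->dma[i]` that logs the index would be easier to read and extend; this assumes GBALog accepts printf-style arguments, which the literal-only calls visible in this hunk do not confirm. Because a savestate is a file supplied from outside the emulator, any other per-channel DMA values restored from it deserve a comparable range check. Whether they are validated cannot be seen here, since the body of GBADeserialize starts before and continues past the hunk.

```c
/* ... unchanged: timer nextEvent check ... */
for (int i = 0; i < 4; ++i) {
	if (state->dma[i].nextEvent < 0) {
		GBALog(gba, GBA_LOG_WARN, "Savestate is corrupted: DMA %d nextEvent is negative", i);
		error = true;
	}
}
/* ... unchanged: audio eventDiff check ... */
```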