From 0b0739f56754a4603f6e4a3396d65e80a26fc3ca Mon Sep 17 00:00:00 2001
From: Vicki Pfau <vi@endrift.com>
Date: Mon, 20 Jul 2020 08:47:19 -0700
Subject: [PATCH] DS GX: Properly reject invalid commands

---
 CHANGES     | 1 +
 src/ds/gx.c | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/CHANGES b/CHANGES
index ffd4dc87a..06681a11d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -14,6 +14,7 @@ Bugfixes:
  - DS Slot-1: Reply to IR 0x08 command properly (fixes mgba.io/i/666)
  - GBA Video: Fix mode 2 out-of-bounds VRAM crash
  - GBA Video: Fix regression adjusting brightness of backdrop
+ - DS GX: Properly reject invalid commands
 Misc:
  - DS GX: Clean up and unify texture mapping
  - DS Core: Add symbol loading
diff --git a/src/ds/gx.c b/src/ds/gx.c
index 8ee9d287a..ae59329fb 100644
--- a/src/ds/gx.c
+++ b/src/ds/gx.c
@@ -1437,6 +1437,10 @@ static void DSGXWriteFIFO(struct DSGX* gx, struct DSGXEntry entry) {
 			gx->outstandingCommand[3] = 0;
 		}
 	} else {
+		if (entry.command >= DS_GX_CMD_MAX) {
+			mLOG(DS_GX, GAME_ERROR, "Wrote invalid command %02x to GX FIFO", entry.command);
+			return;
+		}
 		gx->outstandingParams[0] = _gxCommandParams[entry.command];
 		if (gx->outstandingParams[0]) {
 			--gx->outstandingParams[0];
@@ -1447,6 +1451,7 @@ static void DSGXWriteFIFO(struct DSGX* gx, struct DSGXEntry entry) {
 	}
 	uint32_t cycles = _gxCommandCycleBase[entry.command];
 	if (!cycles) {
+		mLOG(DS_GX, GAME_ERROR, "Wrote invalid command %02x to GX FIFO", entry.command);
 		return;
 	}
 	if (CircleBufferSize(&gx->fifo) == 0 && CircleBufferSize(&gx->pipe) < (DS_GX_PIPE_SIZE * sizeof(entry))) {