From 244f0e362a71f5c07f95aacc4677050a081bc791 Mon Sep 17 00:00:00 2001
From: Jeffrey Pfau <jeffrey@endrift.com>
Date: Fri, 8 May 2015 00:34:01 -0700
Subject: [PATCH] GBA Memory: Soft-crash if jumping past the end of a ROM

---
 CHANGES          |  1 +
 src/gba/memory.c | 28 +++++++++++++++++-----------
 2 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/CHANGES b/CHANGES
index 9f569afdf..236b8264f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -29,6 +29,7 @@ Bugfixes:
 Misc:
  - Qt: Show multiplayer numbers in window title
  - Qt: Solar sensor can have shortcuts set
+ - GBA Memory: Soft-crash if jumping past the end of a ROM
 
 0.2.0: (2015-04-03)
 Features:
diff --git a/src/gba/memory.c b/src/gba/memory.c
index 9b945ffcd..cee35d02a 100644
--- a/src/gba/memory.c
+++ b/src/gba/memory.c
@@ -225,6 +225,12 @@ static void GBASetActiveRegion(struct ARMCore* cpu, uint32_t address) {
 	}
 
 	gba->lastJump = address;
+	if (newRegion >= REGION_CART0 && (address & (SIZE_CART0 - 1)) >= memory->romSize) {
+		cpu->memory.activeRegion = _deadbeef;
+		cpu->memory.activeMask = 0;
+		GBALog(gba, GBA_LOG_FATAL, "Jumped past end of ROM");
+		return;
+	}
 	if (newRegion == memory->activeRegion) {
 		return;
 	}
@@ -233,29 +239,29 @@ static void GBASetActiveRegion(struct ARMCore* cpu, uint32_t address) {
 		memory->biosPrefetch = cpu->prefetch[1];
 	}
 	memory->activeRegion = newRegion;
-	switch (address & ~OFFSET_MASK) {
-	case BASE_BIOS:
+	switch (newRegion) {
+	case REGION_BIOS:
 		cpu->memory.activeRegion = memory->bios;
 		cpu->memory.activeMask = SIZE_BIOS - 1;
 		break;
-	case BASE_WORKING_RAM:
+	case REGION_WORKING_RAM:
 		cpu->memory.activeRegion = memory->wram;
 		cpu->memory.activeMask = SIZE_WORKING_RAM - 1;
 		break;
-	case BASE_WORKING_IRAM:
+	case REGION_WORKING_IRAM:
 		cpu->memory.activeRegion = memory->iwram;
 		cpu->memory.activeMask = SIZE_WORKING_IRAM - 1;
 		break;
-	case BASE_VRAM:
+	case REGION_VRAM:
 		cpu->memory.activeRegion = (uint32_t*) gba->video.renderer->vram;
 		cpu->memory.activeMask = 0x0000FFFF;
 		break;
-	case BASE_CART0:
-	case BASE_CART0_EX:
-	case BASE_CART1:
-	case BASE_CART1_EX:
-	case BASE_CART2:
-	case BASE_CART2_EX:
+	case REGION_CART0:
+	case REGION_CART0_EX:
+	case REGION_CART1:
+	case REGION_CART1_EX:
+	case REGION_CART2:
+	case REGION_CART2_EX:
 		cpu->memory.activeRegion = memory->rom;
 		cpu->memory.activeMask = SIZE_CART0 - 1;
 		break;