mirror of https://github.com/mgba-emu/mgba.git
GBA: Fix bounds-checking on EEPROM access
parent
78db3e1a74
commit
262e46b8a6
1
CHANGES
1
CHANGES
|
@ -47,6 +47,7 @@ Bugfixes:
|
||||||
- SDL: Allocate properly sized input maps
|
- SDL: Allocate properly sized input maps
|
||||||
- ARM7: Handle writeback for PC in addressing modes 2 and 3
|
- ARM7: Handle writeback for PC in addressing modes 2 and 3
|
||||||
- GBA: Handle out-of-bounds I/O access
|
- GBA: Handle out-of-bounds I/O access
|
||||||
|
- GBA: Fix bounds-checking on EEPROM access
|
||||||
Misc:
|
Misc:
|
||||||
- Qt: Show multiplayer numbers in window title
|
- Qt: Show multiplayer numbers in window title
|
||||||
- Qt: Handle saving input settings better
|
- Qt: Handle saving input settings better
|
||||||
|
|
|
@ -345,12 +345,14 @@ void GBASavedataWriteEEPROM(struct GBASavedata* savedata, uint16_t value, uint32
|
||||||
savedata->writeAddress |= (value & 0x1) << 6;
|
savedata->writeAddress |= (value & 0x1) << 6;
|
||||||
} else if (writeSize == 1) {
|
} else if (writeSize == 1) {
|
||||||
savedata->command = EEPROM_COMMAND_NULL;
|
savedata->command = EEPROM_COMMAND_NULL;
|
||||||
} else {
|
} else if ((savedata->writeAddress >> 3) < SIZE_CART_EEPROM) {
|
||||||
uint8_t current = savedata->data[savedata->writeAddress >> 3];
|
uint8_t current = savedata->data[savedata->writeAddress >> 3];
|
||||||
current &= ~(1 << (0x7 - (savedata->writeAddress & 0x7)));
|
current &= ~(1 << (0x7 - (savedata->writeAddress & 0x7)));
|
||||||
current |= (value & 0x1) << (0x7 - (savedata->writeAddress & 0x7));
|
current |= (value & 0x1) << (0x7 - (savedata->writeAddress & 0x7));
|
||||||
savedata->data[savedata->writeAddress >> 3] = current;
|
savedata->data[savedata->writeAddress >> 3] = current;
|
||||||
++savedata->writeAddress;
|
++savedata->writeAddress;
|
||||||
|
} else {
|
||||||
|
GBALog(0, GBA_LOG_GAME_ERROR, "Writing beyond end of EEPROM: %08X", (savedata->writeAddress >> 3));
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case EEPROM_COMMAND_READ_PENDING:
|
case EEPROM_COMMAND_READ_PENDING:
|
||||||
|
@ -375,7 +377,12 @@ uint16_t GBASavedataReadEEPROM(struct GBASavedata* savedata) {
|
||||||
--savedata->readBitsRemaining;
|
--savedata->readBitsRemaining;
|
||||||
if (savedata->readBitsRemaining < 64) {
|
if (savedata->readBitsRemaining < 64) {
|
||||||
int step = 63 - savedata->readBitsRemaining;
|
int step = 63 - savedata->readBitsRemaining;
|
||||||
uint8_t data = savedata->data[(savedata->readAddress + step) >> 3] >> (0x7 - (step & 0x7));
|
uint32_t address = (savedata->readAddress + step) >> 3;
|
||||||
|
if (address >= SIZE_CART_EEPROM) {
|
||||||
|
GBALog(0, GBA_LOG_GAME_ERROR, "Reading beyond end of EEPROM: %08X", address);
|
||||||
|
return 0xFF;
|
||||||
|
}
|
||||||
|
uint8_t data = savedata->data[address] >> (0x7 - (step & 0x7));
|
||||||
if (!savedata->readBitsRemaining) {
|
if (!savedata->readBitsRemaining) {
|
||||||
savedata->command = EEPROM_COMMAND_NULL;
|
savedata->command = EEPROM_COMMAND_NULL;
|
||||||
}
|
}
|
||||||
|
|
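Review bot: The early `return 0xFF;` added to GBASavedataReadEEPROM exits before the `if (!savedata->readBitsRemaining)` block that follows it, so when the out-of-range address is reached on the last bit of a read, `savedata->command` is not reset to `EEPROM_COMMAND_NULL` on that path. `readAddress` is presumably set from guest writes, so a ROM could keep the read state alive and have every later read log "Reading beyond end of EEPROM". Moving `if (!savedata->readBitsRemaining) { savedata->command = EEPROM_COMMAND_NULL; }` above `if (address >= SIZE_CART_EEPROM)` would close this, and is safe because the data fetch depends only on `address` and `step`. The function starts and ends outside the hunk, so it is also worth confirming that `0xFF` matches what callers expect from a read that otherwise appears to yield a single bit.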