ShuriZma
/
mgba
mirror of https://github.com/mgba-emu/mgba.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

GBA Memory: Properly bounds-check VRAM accesses

This commit is contained in:
Jeffrey Pfau 2015-01-13 21:24:41 -08:00
parent 787b2bd1a3
commit 369ccc6402
2 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGES
View File

@ -53,6 +53,7 @@ Bugfixes:
- GBA BIOS: Fix LZ77UnCompVram to use 16-bit loads from decompressed memory - GBA BIOS: Fix LZ77UnCompVram to use 16-bit loads from decompressed memory
- GBA BIOS: Fix HuffUnComp to work when games pass an invalid bit length - GBA BIOS: Fix HuffUnComp to work when games pass an invalid bit length
- GBA BIOS: Fix GetBiosChecksum to return the value of a real GBA, regardless of used BIOS - GBA BIOS: Fix GetBiosChecksum to return the value of a real GBA, regardless of used BIOS
- GBA Memory: Properly bounds-check VRAM accesses
Misc: Misc:
- Qt: Disable sync to video by default - Qt: Disable sync to video by default
- GBA: Exit cleanly on FATAL if the port supports it - GBA: Exit cleanly on FATAL if the port supports it

26
src/gba/gba-memory.c
View File

@ -204,7 +204,11 @@ static void GBASetActiveRegion(struct ARMCore* cpu, uint32_t address) {
++wait; ++wait;
#define LOAD_VRAM \ #define LOAD_VRAM \
LOAD_32(value, address & 0x0001FFFF, gba->video.renderer->vram); \ if ((address & 0x0001FFFF) < SIZE_VRAM) { \
LOAD_32(value, address & 0x0001FFFF, gba->video.renderer->vram); \
} else { \
LOAD_32(value, address & 0x00017FFF, gba->video.renderer->vram); \
} \
++wait; ++wait;
#define LOAD_OAM LOAD_32(value, address & (SIZE_OAM - 1), gba->video.oam.raw); #define LOAD_OAM LOAD_32(value, address & (SIZE_OAM - 1), gba->video.oam.raw);
@ -317,7 +321,11 @@ uint32_t GBALoad16(struct ARMCore* cpu, uint32_t address, int* cycleCounter) {
LOAD_16(value, address & (SIZE_PALETTE_RAM - 1), gba->video.palette); LOAD_16(value, address & (SIZE_PALETTE_RAM - 1), gba->video.palette);
break; break;
case REGION_VRAM: case REGION_VRAM:
LOAD_16(value, address & 0x0001FFFF, gba->video.renderer->vram); if ((address & 0x0001FFFF) < SIZE_VRAM) {
LOAD_16(value, address & 0x0001FFFF, gba->video.renderer->vram);
} else {
LOAD_16(value, address & 0x00017FFF, gba->video.renderer->vram);
}
break; break;
case REGION_OAM: case REGION_OAM:
LOAD_16(value, address & (SIZE_OAM - 1), gba->video.oam.raw); LOAD_16(value, address & (SIZE_OAM - 1), gba->video.oam.raw);
@ -408,7 +416,11 @@ uint32_t GBALoad8(struct ARMCore* cpu, uint32_t address, int* cycleCounter) {
value = ((int8_t*) gba->video.palette)[address & (SIZE_PALETTE_RAM - 1)]; value = ((int8_t*) gba->video.palette)[address & (SIZE_PALETTE_RAM - 1)];
break; break;
case REGION_VRAM: case REGION_VRAM:
value = ((int8_t*) gba->video.renderer->vram)[address & 0x0001FFFF]; if ((address & 0x0001FFFF) < SIZE_VRAM) {
value = ((int8_t*) gba->video.renderer->vram)[address & 0x0001FFFF];
} else {
value = ((int8_t*) gba->video.renderer->vram)[address & 0x00017FFF];
}
break; break;
case REGION_OAM: case REGION_OAM:
GBALog(gba, GBA_LOG_STUB, "Unimplemented memory Load8: 0x%08X", address); GBALog(gba, GBA_LOG_STUB, "Unimplemented memory Load8: 0x%08X", address);
@ -478,9 +490,9 @@ uint32_t GBALoad8(struct ARMCore* cpu, uint32_t address, int* cycleCounter) {
gba->video.renderer->writePalette(gba->video.renderer, address & (SIZE_PALETTE_RAM - 1), value); gba->video.renderer->writePalette(gba->video.renderer, address & (SIZE_PALETTE_RAM - 1), value);
#define STORE_VRAM \ #define STORE_VRAM \
if ((address & OFFSET_MASK) < SIZE_VRAM) { \ if ((address & 0x0001FFFF) < SIZE_VRAM) { \
STORE_32(value, address & 0x0001FFFF, gba->video.renderer->vram); \ STORE_32(value, address & 0x0001FFFF, gba->video.renderer->vram); \
} else if ((address & OFFSET_MASK) < 0x00020000) { \ } else { \
STORE_32(value, address & 0x00017FFF, gba->video.renderer->vram); \ STORE_32(value, address & 0x00017FFF, gba->video.renderer->vram); \
} \ } \
++wait; ++wait;
@ -567,9 +579,9 @@ void GBAStore16(struct ARMCore* cpu, uint32_t address, int16_t value, int* cycle
gba->video.renderer->writePalette(gba->video.renderer, address & (SIZE_PALETTE_RAM - 1), value); gba->video.renderer->writePalette(gba->video.renderer, address & (SIZE_PALETTE_RAM - 1), value);
break; break;
case REGION_VRAM: case REGION_VRAM:
if ((address & OFFSET_MASK) < SIZE_VRAM) { if ((address & 0x0001FFFF) < SIZE_VRAM) {
STORE_16(value, address & 0x0001FFFF, gba->video.renderer->vram); STORE_16(value, address & 0x0001FFFF, gba->video.renderer->vram);
} else if ((address & OFFSET_MASK) < 0x00020000) { } else {
STORE_16(value, address & 0x00017FFF, gba->video.renderer->vram); STORE_16(value, address & 0x00017FFF, gba->video.renderer->vram);
} }
break; break;