From 47d70582c00ed1faa7bb8417ad56bf3fd44dc5fb Mon Sep 17 00:00:00 2001
From: Vicki Pfau
Date: Fri, 26 Mar 2021 19:20:28 -0700
Subject: [PATCH] GBA BIOS: Fix invalid decompression bounds checking
---
 CHANGES | 1 +
 src/gba/bios.c | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/CHANGES b/CHANGES
index 0f610d959..78ed32092 100644
--- a/CHANGES
+++ b/CHANGES
@@ -40,6 +40,7 @@ Emulation fixes:
 - GBA BIOS: Improve HLE BIOS timing
 - GBA BIOS: Fix reloading video registers after reset (fixes mgba.io/i/1808)
 - GBA BIOS: Make HLE BIOS calls interruptable (fixes mgba.io/i/1711 and mgba.io/i/1823)
+ - GBA BIOS: Fix invalid decompression bounds checking
 - GBA DMA: Linger last DMA on bus (fixes mgba.io/i/301 and mgba.io/i/1320)
 - GBA DMA: Fix ordering and timing of overlapping DMAs
 - GBA I/O: Green swap register should be readable
diff --git a/src/gba/bios.c b/src/gba/bios.c
index 8dd28f197..171b09ec9 100644
--- a/src/gba/bios.c
+++ b/src/gba/bios.c
@@ -525,7 +525,7 @@ void GBASwi16(struct ARMCore* cpu, int immediate) {
 break;
 case GBA_SWI_LZ77_UNCOMP_WRAM:
 case GBA_SWI_LZ77_UNCOMP_VRAM:
- if (cpu->gprs[0] < BASE_WORKING_RAM) {
+ if (!(cpu->gprs[0] & 0x0E000000)) {
 mLOG(GBA_BIOS, GAME_ERROR, "Bad LZ77 source");
 break;
 }
@@ -541,7 +541,7 @@ void GBASwi16(struct ARMCore* cpu, int immediate) {
 }
 break;
 case GBA_SWI_HUFFMAN_UNCOMP:
- if (cpu->gprs[0] < BASE_WORKING_RAM) {
+ if (!(cpu->gprs[0] & 0x0E000000)) {
 mLOG(GBA_BIOS, GAME_ERROR, "Bad Huffman source");
 break;
 }
@@ -558,7 +558,7 @@ void GBASwi16(struct ARMCore* cpu, int immediate) {
 break;
 case GBA_SWI_RL_UNCOMP_WRAM:
 case GBA_SWI_RL_UNCOMP_VRAM:
- if (cpu->gprs[0] < BASE_WORKING_RAM) {
+ if (!(cpu->gprs[0] & 0x0E000000)) {
 mLOG(GBA_BIOS, GAME_ERROR, "Bad RL source");
 break;
 }
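Review bot: The mask `0x0E000000` appears as a bare literal in all four source checks (LZ77, Huffman, RL, and the UnFilter hunk at -576), with nothing recording which guest addresses it rejects. It tests address bits 25-27, so it refuses any source in the first 0x02000000 bytes of each 0x10000000-byte window; that covers the old `< BASE_WORKING_RAM` case and also addresses such as 0x10000000, which the old comparison accepted. A comment on the first check, for example `/* source needs one of address bits 25-27 set: rejects BIOS/unused space and any high address that aliases it */`, would keep the next edit from "simplifying" it back to a range compare. Only the start address in `cpu->gprs[0]` is tested here; the length of the read and the destination are not visible in these hunks, so whether they are bounded has to be confirmed in the decompression routines. GBASwi16's body starts and ends outside every hunk.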
@@ -576,7 +576,7 @@ void GBASwi16(struct ARMCore* cpu, int immediate) {
 case GBA_SWI_DIFF_8BIT_UNFILTER_WRAM:
 case GBA_SWI_DIFF_8BIT_UNFILTER_VRAM:
 case GBA_SWI_DIFF_16BIT_UNFILTER:
- if (cpu->gprs[0] < BASE_WORKING_RAM) {
+ if (!(cpu->gprs[0] & 0x0E000000)) {
 mLOG(GBA_BIOS, GAME_ERROR, "Bad UnFilter source");
 break;
 }