From 36c66e7db434bc3034ec172323cc7f0cd7e5c1ec Mon Sep 17 00:00:00 2001
From: Vicki Pfau <vi@endrift.com>
Date: Sat, 22 Apr 2017 18:29:10 -0700
Subject: [PATCH 1/6] Qt: Fix logo missing with integer scaling (fixes #696)

---
 src/platform/qt/Window.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/platform/qt/Window.cpp b/src/platform/qt/Window.cpp
index 1588df0eb..112ee95bf 100644
--- a/src/platform/qt/Window.cpp
+++ b/src/platform/qt/Window.cpp
@@ -135,6 +135,7 @@ Window::Window(ConfigController* config, int playerId, QWidget* parent)
 #endif
 	m_screenWidget->setPixmap(m_logo);
 	m_screenWidget->setLockAspectRatio(m_logo.width(), m_logo.height());
+	m_screenWidget->setLockIntegerScaling(false);
 	setCentralWidget(m_screenWidget);
 
 	connect(m_controller, SIGNAL(gameStarted(mCoreThread*, const QString&)), this, SLOT(gameStarted(mCoreThread*, const QString&)));
@@ -732,6 +733,7 @@ void Window::gameStarted(mCoreThread* context, const QString& fname) {
 	context->core->desiredVideoDimensions(context->core, &width, &height);
 	m_display->setMinimumSize(width, height);
 	m_screenWidget->setMinimumSize(m_display->minimumSize());
+	m_config->updateOption("lockIntegerScaling");
 	if (m_savedScale > 0) {
 		resizeFrame(QSize(width, height) * m_savedScale);
 	}
@@ -794,6 +796,7 @@ void Window::gameStopped() {
 	updateTitle();
 	detachWidget(m_display);
 	m_screenWidget->setLockAspectRatio(m_logo.width(), m_logo.height());
+	m_screenWidget->setLockIntegerScaling(false);
 	m_screenWidget->setPixmap(m_logo);
 	m_screenWidget->unsetCursor();
 #ifdef M_CORE_GB
@@ -1267,7 +1270,9 @@ void Window::setupMenu(QMenuBar* menubar) {
 	lockIntegerScaling->addBoolean(tr("Force integer scaling"), avMenu);
 	lockIntegerScaling->connect([this](const QVariant& value) {
 		m_display->lockIntegerScaling(value.toBool());
-		m_screenWidget->setLockIntegerScaling(value.toBool());
+		if (m_controller->isLoaded()) {
+			m_screenWidget->setLockIntegerScaling(value.toBool());
+		}
 	}, this);
 	m_config->updateOption("lockIntegerScaling");
 

From 6fb7c0780a4cd81aa2d125808dece19066aebc2a Mon Sep 17 00:00:00 2001
From: Vicki Pfau <vi@endrift.com>
Date: Sat, 22 Apr 2017 18:40:55 -0700
Subject: [PATCH 2/6] Qt: Handle interrupting CLI debugger better (fixes #697)

---
 src/platform/qt/DebuggerConsoleController.cpp | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/platform/qt/DebuggerConsoleController.cpp b/src/platform/qt/DebuggerConsoleController.cpp
index ff8577414..e7c35144a 100644
--- a/src/platform/qt/DebuggerConsoleController.cpp
+++ b/src/platform/qt/DebuggerConsoleController.cpp
@@ -80,10 +80,11 @@ const char* DebuggerConsoleController::readLine(struct CLIDebuggerBackend* be, s
 	while (self->m_lines.isEmpty()) {
 		self->m_cond.wait(&self->m_mutex);
 	}
-	self->m_last = self->m_lines.takeFirst().toUtf8();
-	if (self->m_last.isEmpty()) {
-		self->m_last = "\n";
+	QString last = self->m_lines.takeFirst();
+	if (last.isNull()) {
+		return nullptr;
 	}
+	self->m_last = last.toUtf8();
 	*len = self->m_last.size();
 	return self->m_last.constData();
 
@@ -101,7 +102,7 @@ const char* DebuggerConsoleController::historyLast(struct CLIDebuggerBackend* be
 	GameController::Interrupter interrupter(self->m_gameController, true);
 	QMutexLocker lock(&self->m_mutex);
 	if (self->m_history.isEmpty()) {
-		return "\n";
+		return "i";
 	}
 	self->m_last = self->m_history.last().toUtf8();
 	return self->m_last.constData();

From 93122df1f42a46c9475f871f67a66ada85eed0db Mon Sep 17 00:00:00 2001
From: Vicki Pfau <vi@endrift.com>
Date: Tue, 18 Apr 2017 03:36:48 -0700
Subject: [PATCH 3/6] Test: Fix crash when loading invalid file

---
 CHANGES                       | 1 +
 src/platform/test/fuzz-main.c | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/CHANGES b/CHANGES
index e50660b19..50b437e74 100644
--- a/CHANGES
+++ b/CHANGES
@@ -45,6 +45,7 @@ Bugfixes:
  - GBA Video: Don't update background scanline params in mode 0 (fixes mgba.io/i/377)
  - Qt: Ensure CLI backend is attached when submitting commands (fixes mgba.io/i/662)
  - Core: Fix crash with rewind if savestates shrink
+ - Test: Fix crash when loading invalid file
 Misc:
  - SDL: Remove scancode key input
  - GBA Video: Clean up unused timers
diff --git a/src/platform/test/fuzz-main.c b/src/platform/test/fuzz-main.c
index d40a15937..611d3079a 100644
--- a/src/platform/test/fuzz-main.c
+++ b/src/platform/test/fuzz-main.c
@@ -68,6 +68,9 @@ int main(int argc, char** argv) {
 		return 0;
 	}
 	struct mCore* core = mCoreFind(args.fname);
+	if (!core) {
+		return 1;
+	}
 	core->init(core);
 	mCoreInitConfig(core, "fuzz");
 	applyArguments(&args, NULL, &core->config);

From 422c3a25b887ef357e992d725a7e9d06fbfd5713 Mon Sep 17 00:00:00 2001
From: Vicki Pfau <vi@endrift.com>
Date: Mon, 24 Apr 2017 13:34:57 -0700
Subject: [PATCH 4/6] GBA Hardware: Fix crash if a savestate lies about game
 hardware

---
 CHANGES            | 1 +
 src/gba/gba.c      | 2 ++
 src/gba/hardware.c | 3 +++
 3 files changed, 6 insertions(+)

diff --git a/CHANGES b/CHANGES
index 50b437e74..3484ca3f5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -46,6 +46,7 @@ Bugfixes:
  - Qt: Ensure CLI backend is attached when submitting commands (fixes mgba.io/i/662)
  - Core: Fix crash with rewind if savestates shrink
  - Test: Fix crash when loading invalid file
+ - GBA Hardware: Fix crash if a savestate lies about game hardware
 Misc:
  - SDL: Remove scancode key input
  - GBA Video: Clean up unused timers
diff --git a/src/gba/gba.c b/src/gba/gba.c
index 2d04c4290..c795a4a51 100644
--- a/src/gba/gba.c
+++ b/src/gba/gba.c
@@ -76,6 +76,8 @@ static void GBAInit(void* cpu, struct mCPUComponent* component) {
 	gba->sio.p = gba;
 	GBASIOInit(&gba->sio);
 
+	GBAHardwareInit(&gba->memory.hw, NULL);
+
 	gba->springIRQ = 0;
 	gba->keySource = 0;
 	gba->rotationSource = 0;
diff --git a/src/gba/hardware.c b/src/gba/hardware.c
index ff7562840..f252afd96 100644
--- a/src/gba/hardware.c
+++ b/src/gba/hardware.c
@@ -77,6 +77,9 @@ void GBAHardwareClear(struct GBACartridgeHardware* hw) {
 }
 
 void GBAHardwareGPIOWrite(struct GBACartridgeHardware* hw, uint32_t address, uint16_t value) {
+	if (!hw->gpioBase) {
+		return;
+	}
 	switch (address) {
 	case GPIO_REG_DATA:
 		hw->pinState &= ~hw->direction;

From 870c375cf61ddf416c88141d9d7bc9a63acf4d99 Mon Sep 17 00:00:00 2001
From: Vicki Pfau <vi@endrift.com>
Date: Mon, 24 Apr 2017 13:35:28 -0700
Subject: [PATCH 5/6] Test: Fix crash when fuzzing fails to load a file

---
 CHANGES                       |  1 +
 src/platform/test/fuzz-main.c | 10 ++++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 3484ca3f5..a13ba5c91 100644
--- a/CHANGES
+++ b/CHANGES
@@ -47,6 +47,7 @@ Bugfixes:
  - Core: Fix crash with rewind if savestates shrink
  - Test: Fix crash when loading invalid file
  - GBA Hardware: Fix crash if a savestate lies about game hardware
+ - Test: Fix crash when fuzzing fails to load a file
 Misc:
  - SDL: Remove scancode key input
  - GBA Video: Clean up unused timers
diff --git a/src/platform/test/fuzz-main.c b/src/platform/test/fuzz-main.c
index 611d3079a..7e86ec914 100644
--- a/src/platform/test/fuzz-main.c
+++ b/src/platform/test/fuzz-main.c
@@ -94,10 +94,15 @@ int main(int argc, char** argv) {
 #ifdef __AFL_HAVE_MANUAL_CONTROL
 	__AFL_INIT();
 #endif
+
+	bool cleanExit = true;
+	if (!mCoreLoadFile(core, args.fname)) {
+		cleanExit = false;
+		goto loadError;
+	}
 	if (args.patch) {
 		core->loadPatch(core, VFileOpen(args.patch, O_RDONLY));
 	}
-	mCoreLoadFile(core, args.fname);
 
 	struct VFile* savestate = 0;
 	struct VFile* savestateOverlay = 0;
@@ -158,13 +163,14 @@ int main(int argc, char** argv) {
 		savestateOverlay->close(savestateOverlay);
 	}
 
+loadError:
 	freeArguments(&args);
 	if (outputBuffer) {
 		free(outputBuffer);
 	}
 	core->deinit(core);
 
-	return 0;
+	return !cleanExit;
 }
 
 static void _fuzzRunloop(struct mCore* core, int frames) {

From bcf0e8ec59be807073ba95a1561b74b5fea9dbcd Mon Sep 17 00:00:00 2001
From: Vicki Pfau <vi@endrift.com>
Date: Tue, 25 Apr 2017 11:58:05 -0700
Subject: [PATCH 6/6] GBA: Fix multiboot loading resulting in too small WRAM

---
 CHANGES       |  1 +
 src/gba/gba.c | 11 +++--------
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/CHANGES b/CHANGES
index a13ba5c91..e24c84992 100644
--- a/CHANGES
+++ b/CHANGES
@@ -48,6 +48,7 @@ Bugfixes:
  - Test: Fix crash when loading invalid file
  - GBA Hardware: Fix crash if a savestate lies about game hardware
  - Test: Fix crash when fuzzing fails to load a file
+ - GBA: Fix multiboot loading resulting in too small WRAM
 Misc:
  - SDL: Remove scancode key input
  - GBA Video: Clean up unused timers
diff --git a/src/gba/gba.c b/src/gba/gba.c
index c795a4a51..4a145f5d8 100644
--- a/src/gba/gba.c
+++ b/src/gba/gba.c
@@ -297,14 +297,9 @@ bool GBALoadMB(struct GBA* gba, struct VFile* vf) {
 		gba->pristineRomSize = SIZE_WORKING_RAM;
 	}
 	gba->isPristine = true;
-#ifdef _3DS
-	if (gba->pristineRomSize <= romBufferSize) {
-		gba->memory.wram = romBuffer;
-		vf->read(vf, romBuffer, gba->pristineRomSize);
-	}
-#else
-	gba->memory.wram = vf->map(vf, gba->pristineRomSize, MAP_READ);
-#endif
+	gba->memory.wram = anonymousMemoryMap(SIZE_WORKING_RAM);
+	memset(gba->memory.wram, 0, SIZE_WORKING_RAM);
+	vf->read(vf, gba->memory.wram, gba->pristineRomSize);
 	if (!gba->memory.wram) {
 		mLOG(GBA, WARN, "Couldn't map ROM");
 		return false;