From 78db3e1a7491be7ead2e583c4258aad2b97d0295 Mon Sep 17 00:00:00 2001
From: Jeffrey Pfau
Date: Fri, 8 May 2015 01:48:22 -0700
Subject: [PATCH] GBA: Handle out-of-bounds I/O access
---
 CHANGES | 1 +
 src/gba/io.c | 8 ++++++++
 2 files changed, 9 insertions(+)
diff --git a/CHANGES b/CHANGES
index dab8d3eae..1cc3b2311 100644
--- a/CHANGES
+++ b/CHANGES
@@ -46,6 +46,7 @@ Bugfixes:
 - Util: Fix a null-pointer issue when attempting to delete a key
 - SDL: Allocate properly sized input maps
 - ARM7: Handle writeback for PC in addressing modes 2 and 3
+ - GBA: Handle out-of-bounds I/O access
 Misc:
 - Qt: Show multiplayer numbers in window title
 - Qt: Handle saving input settings better
diff --git a/src/gba/io.c b/src/gba/io.c
index be36e13c5..2a841e4b8 100644
--- a/src/gba/io.c
+++ b/src/gba/io.c
@@ -489,6 +489,10 @@ void GBAIOWrite(struct GBA* gba, uint32_t address, uint16_t value) {
 break;
 default:
 GBALog(gba, GBA_LOG_STUB, "Stub I/O register write: %03x", address);
+ if (address >= REG_MAX) {
+ GBALog(gba, GBA_LOG_GAME_ERROR, "Write to unused I/O register: %03X", address);
+ return;
+ }
 break;
 }
 }
@@ -643,6 +647,10 @@ uint16_t GBAIORead(struct GBA* gba, uint32_t address) {
 break;
 default:
 GBALog(gba, GBA_LOG_STUB, "Stub I/O register read: %03x", address);
+ if (address >= REG_MAX) {
+ GBALog(gba, GBA_LOG_GAME_ERROR, "Read from unused I/O register: %03X", address);
+ return 0; // TODO: Reuse LOAD_BAD
+ }
 break;
 }
 return gba->memory.io[address >> 1];
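Review bot: The new `address >= REG_MAX` guard in GBAIOWrite's `default:` branch sits after the stub log, so an out-of-range address supplied by the guest is reported twice, once as GBA_LOG_STUB and once as GBA_LOG_GAME_ERROR. Moving the `if (address >= REG_MAX) { ... return; }` block above the `GBALog(gba, GBA_LOG_STUB, ...)` call would keep "unimplemented register" and "address outside the I/O block" as separate log categories. The function continues outside the hunk, so whether a store into `gba->memory.io` follows the switch is not visible here; if it does, a comment such as `// >= REG_MAX would index past gba->memory.io after the switch` would record why the early return matters. The same ordering applies to the GBAIORead hunk.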
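Review bot: The array read on the last context line, `return gba->memory.io[address >> 1];`, is covered by the new check only when the access falls into `default:`, so its safety depends on every explicit `case` label in GBAIORead being below REG_MAX. Those cases lie outside the hunk, so this cannot be confirmed from here. A comment above the guard would record the invariant, e.g. `// All explicit cases are < REG_MAX; nothing else may reach the io[] index below`. The TODO on `return 0;` could also state what value LOAD_BAD is expected to produce, since a plain 0 is presumably not what the game would observe for such a read.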