From 8ee270f3f6b5d7e09fef98a374f37bbae947f4d2 Mon Sep 17 00:00:00 2001
From: Vicki Pfau <vi@endrift.com>
Date: Sat, 19 Aug 2017 12:01:04 -0700
Subject: [PATCH] GB Serialize: Fix game title check

---
 CHANGES            |  1 +
 src/gb/serialize.c | 12 ++++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/CHANGES b/CHANGES
index 2c8b6aac9..c32a6ac37 100644
--- a/CHANGES
+++ b/CHANGES
@@ -33,6 +33,7 @@ Bugfixes:
  - GB Video: Fix potential hang when ending mode 0
  - GB Memory: Fix HDMA count starting in mode 0 (fixes mgba.io/i/855)
  - GB Memory: Actually load latch time from savestate
+ - GB Serialize: Fix game title check
 Misc:
  - GBA Timer: Use global cycles for timers
  - GBA: Extend oddly-sized ROMs to full address space (fixes mgba.io/i/722)
diff --git a/src/gb/serialize.c b/src/gb/serialize.c
index 78da148f0..ac5c58ba1 100644
--- a/src/gb/serialize.c
+++ b/src/gb/serialize.c
@@ -23,7 +23,7 @@ void GBSerialize(struct GB* gb, struct GBSerializedState* state) {
 	STORE_32LE(gb->timing.masterCycles, 0, &state->masterCycles);
 
 	if (gb->memory.rom) {
-		memcpy(state->title, ((struct GBCartridge*) gb->memory.rom)->titleLong, sizeof(state->title));
+		memcpy(state->title, ((struct GBCartridge*) &gb->memory.rom[0x100])->titleLong, sizeof(state->title));
 	} else {
 		memset(state->title, 0, sizeof(state->title));
 	}
@@ -86,9 +86,13 @@ bool GBDeserialize(struct GB* gb, const struct GBSerializedState* state) {
 	}
 	bool canSgb = ucheck >= GB_SAVESTATE_MAGIC + 2;
 
-	if (gb->memory.rom && memcmp(state->title, ((struct GBCartridge*) gb->memory.rom)->titleLong, sizeof(state->title))) {
-		mLOG(GB_STATE, WARN, "Savestate is for a different game");
-		error = true;
+	if (gb->memory.rom && memcmp(state->title, ((struct GBCartridge*) &gb->memory.rom[0x100])->titleLong, sizeof(state->title))) {
+		LOAD_32LE(ucheck, 0, &state->versionMagic);
+		if (ucheck > GB_SAVESTATE_MAGIC + 2 || memcmp(state->title, ((struct GBCartridge*) gb->memory.rom)->titleLong, sizeof(state->title))) {
+			// There was a bug in previous versions where the memory address being compared was wrong
+			mLOG(GB_STATE, WARN, "Savestate is for a different game");
+			error = true;
+		}
 	}
 	LOAD_32LE(ucheck, 0, &state->romCrc32);
 	if (ucheck != gb->romCrc32) {