From 900700aa41680ca80a7d2d8d824054313b0f88d4 Mon Sep 17 00:00:00 2001
From: Jeffrey Pfau <jeffrey@endrift.com>
Date: Thu, 13 Oct 2016 00:17:30 -0700
Subject: [PATCH] GB MBC: Fix SRAM dangling pointer with RTC games

---
 CHANGES      | 1 +
 src/gb/gb.c  | 4 ++--
 src/gb/mbc.c | 9 +++++++++
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index fdafba138..1c29bb791 100644
--- a/CHANGES
+++ b/CHANGES
@@ -8,6 +8,7 @@ Bugfixes:
  - GBA Memory: Fix misaligned BIOS reads
  - GBA BIOS: Fix MidiKey2Freq BIOS reads
  - GBA BIOS: Fix invalid CpuSet not setting BIOS prefetch
+ - GB MBC: Fix SRAM dangling pointer with RTC games
 Misc:
  - SDL: Remove scancode key input
  - GBA Video: Clean up unused timers
diff --git a/src/gb/gb.c b/src/gb/gb.c
index 72cb775ac..604bc24be 100644
--- a/src/gb/gb.c
+++ b/src/gb/gb.c
@@ -120,7 +120,7 @@ bool GBLoadSave(struct GB* gb, struct VFile* vf) {
 static void GBSramDeinit(struct GB* gb) {
 	if (gb->sramVf) {
 		gb->sramVf->unmap(gb->sramVf, gb->memory.sram, gb->sramSize);
-		if (gb->memory.mbcType == GB_MBC3_RTC) {
+		if (gb->memory.mbcType == GB_MBC3_RTC && gb->sramVf == gb->sramRealVf) {
 			GBMBCRTCWrite(gb);
 		}
 		gb->sramVf = NULL;
@@ -192,7 +192,7 @@ void GBResizeSram(struct GB* gb, size_t size) {
 
 void GBSramClean(struct GB* gb, uint32_t frameCount) {
 	// TODO: Share with GBASavedataClean
-	if (!gb->sramVf) {
+	if (!gb->sramVf || gb->sramVf != gb->sramRealVf) {
 		return;
 	}
 	if (gb->sramDirty & GB_SRAM_DIRT_NEW) {
diff --git a/src/gb/mbc.c b/src/gb/mbc.c
index acd84ce07..c1961341c 100644
--- a/src/gb/mbc.c
+++ b/src/gb/mbc.c
@@ -671,6 +671,15 @@ void GBMBCRTCWrite(struct GB* gb) {
 	STORE_32LE(gb->memory.rtcRegs[4], 0, &rtcBuffer.latchedDaysHi);
 	STORE_64LE(rtcLastLatch, 0, &rtcBuffer.unixTime);
 
+	if (vf->size(vf) == gb->sramSize) {
+		// Writing past the end of the file can invalidate the file mapping
+		vf->unmap(vf, gb->memory.sram, gb->sramSize);
+		gb->memory.sram = NULL;
+	}
 	vf->seek(vf, gb->sramSize, SEEK_SET);
 	vf->write(vf, &rtcBuffer, sizeof(rtcBuffer));
+	if (!gb->memory.sram) {
+		gb->memory.sram = vf->map(vf, gb->sramSize, MAP_WRITE);
+		GBMBCSwitchSramBank(gb, gb->memory.sramCurrentBank);
+	}
 }