From a5c12df57f3c6ffedcfa8d0d0b9dfb26c5bfe87f Mon Sep 17 00:00:00 2001
From: Vicki Pfau <vi@endrift.com>
Date: Sun, 2 May 2021 22:43:26 -0700
Subject: [PATCH] GBA: Fix some patch loading edge cases

---
 CHANGES       | 2 ++
 src/gba/gba.c | 8 ++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index f80f7f0ac..3da4e90b3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
 0.9.3: (Future)
 Emulation fixes:
  - GBA SIO: Fix SI value for unattached MULTI mode
+Other fixes:
+ - GBA: Fix out of bounds ROM accesses on patched ROMs smaller than 32 MiB
 
 0.9.2: (2021-07-10)
 Emulation fixes:
diff --git a/src/gba/gba.c b/src/gba/gba.c
index a328b55da..7ac7bbdf3 100644
--- a/src/gba/gba.c
+++ b/src/gba/gba.c
@@ -501,7 +501,11 @@ void GBAApplyPatch(struct GBA* gba, struct Patch* patch) {
 	}
 	if (gba->romVf) {
 #ifndef FIXED_ROM_BUFFER
-		gba->romVf->unmap(gba->romVf, gba->memory.rom, gba->pristineRomSize);
+		if (!gba->isPristine) {
+			mappedMemoryFree(gba->memory.rom, SIZE_CART0);
+		} else {
+			gba->romVf->unmap(gba->romVf, gba->memory.rom, gba->pristineRomSize);
+		}
 #endif
 		gba->romVf->close(gba->romVf);
 		gba->romVf = NULL;
@@ -510,7 +514,7 @@ void GBAApplyPatch(struct GBA* gba, struct Patch* patch) {
 	gba->memory.rom = newRom;
 	gba->memory.hw.gpioBase = &((uint16_t*) gba->memory.rom)[GPIO_REG_DATA >> 1];
 	gba->memory.romSize = patchedSize;
-	gba->memory.romMask = SIZE_CART0 - 1;
+	gba->memory.romMask = toPow2(patchedSize) - 1;
 	gba->romCrc32 = doCrc32(gba->memory.rom, gba->memory.romSize);
 }