From ed0802b46f2d7134f6ac7781521887e573f7dc89 Mon Sep 17 00:00:00 2001
From: Jeffrey Pfau
Date: Sat, 3 Oct 2015 21:33:31 -0700
Subject: [PATCH] GBA: More savestate sanitization

---
 src/gba/serialize.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/gba/serialize.c b/src/gba/serialize.c
index 18ab22d41..57a861935 100644
--- a/src/gba/serialize.c
+++ b/src/gba/serialize.c
@@ -99,6 +99,17 @@ bool GBADeserialize(struct GBA* gba, const struct GBASerializedState* state) {
 GBALog(gba, GBA_LOG_WARN, "Savestate is corrupted: nextHblank is negative");
 error = true;
 }
+ if (state->video.nextEvent < state->cpu.cycles) {
+ uint16_t dispstat = state->io[REG_DISPSTAT >> 1];
+ if (GBARegisterDISPSTATIsInHblank(dispstat) && state->video.eventDiff + state->cpu.cycles > state->video.nextHblank) {
+ GBALog(gba, GBA_LOG_WARN, "Savestate is corrupted: nextHblank will be negative");
+ error = true;
+ }
+ if (!GBARegisterDISPSTATIsInHblank(dispstat) && state->video.eventDiff + state->cpu.cycles > state->video.lastHblank + VIDEO_HBLANK_LENGTH) {
+ GBALog(gba, GBA_LOG_WARN, "Savestate is corrupted: nextHblank will be negative");
+ error = true;
+ }
+ }
 if (state->timers[0].overflowInterval < 0 || state->timers[1].overflowInterval < 0 || state->timers[2].overflowInterval < 0 || state->timers[3].overflowInterval < 0) {
 GBALog(gba, GBA_LOG_WARN, "Savestate is corrupted: overflowInterval is negative");
 error = true;
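Review bot: The two new sums `state->video.eventDiff + state->cpu.cycles` are computed directly on fields read from the untrusted savestate, so if those fields are 32-bit signed (their types are not visible in this hunk) a crafted file can make the addition overflow, which is undefined behaviour in the very code meant to reject bad input; comparing in a wider type, e.g. `(int64_t) state->video.eventDiff + state->cpu.cycles > state->video.nextHblank`, keeps the check itself well-defined. Both branches also log the identical string "Savestate is corrupted: nextHblank will be negative", so an operator reading the log cannot tell which of the two conditions fired; naming the Hblank state in each message, e.g. `"Savestate is corrupted: nextHblank will be negative (in Hblank)"`, would make the warning actionable. Since the two `if`s test opposite values of the same predicate, an `else` branch would read more plainly and call `GBARegisterDISPSTATIsInHblank` once. GBADeserialize begins and ends outside this hunk.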