From f8ff96e051dcd0bea196869d07d22e1f1eae2616 Mon Sep 17 00:00:00 2001
From: Jeffrey Pfau <jeffrey@endrift.com>
Date: Tue, 10 Nov 2015 22:44:23 -0800
Subject: [PATCH] GBA Memory: Fix unaligned out-of-bounds ROM loads

---
 CHANGES          | 1 +
 src/gba/memory.c | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 0e3006fae..c9697e77f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -13,6 +13,7 @@ Bugfixes:
  - GBA Memory: Fix Store8 to OBJ VRAM
  - GBA Memory: Fix alignment of LDM/STM on SRAM
  - GBA: Initialize uninitialized pristineRom and pristineRomSize members
+ - GBA Memory: Fix unaligned out-of-bounds ROM loads
 Misc:
  - GBA Audio: Implement missing flags on SOUNDCNT_X register
 
diff --git a/src/gba/memory.c b/src/gba/memory.c
index dec21bf16..33c4ffb68 100644
--- a/src/gba/memory.c
+++ b/src/gba/memory.c
@@ -359,8 +359,8 @@ static void GBASetActiveRegion(struct ARMCore* cpu, uint32_t address) {
 		LOAD_32(value, address & (SIZE_CART0 - 4), memory->rom); \
 	} else { \
 		GBALog(gba, GBA_LOG_GAME_ERROR, "Out of bounds ROM Load32: 0x%08X", address); \
-		value = (address >> 1) & 0xFFFF; \
-		value |= ((address + 2) >> 1) << 16; \
+		value = ((address & ~3) >> 1) & 0xFFFF; \
+		value |= (((address & ~3) + 2) >> 1) << 16; \
 	}
 
 #define LOAD_SRAM \