ShuriZma
/
mgba
mirror of https://github.com/mgba-emu/mgba.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

GB Serialize: Check DMA destination when loading state

This commit is contained in:
Jeffrey Pfau 2016-09-12 18:10:28 -07:00
parent 740f7a0f66
commit ff788a017c
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/gb/serialize.c
View File

@ -89,6 +89,7 @@ bool GBDeserialize(struct GB* gb, const struct GBSerializedState* state) {
int32_t check;
uint32_t ucheck;
int16_t check16;
uint16_t ucheck16;
LOAD_32LE(ucheck, 0, &state->versionMagic);
if (ucheck > GB_SAVESTATE_MAGIC + GB_SAVESTATE_VERSION) {
mLOG(GB_STATE, WARN, "Invalid or too new savestate: expected %08X, got %08X", GB_SAVESTATE_MAGIC + GB_SAVESTATE_VERSION, ucheck);
@ -126,11 +127,16 @@ bool GBDeserialize(struct GB* gb, const struct GBSerializedState* state) {
mLOG(GB_STATE, WARN, "Savestate is corrupted: video eventDiff is negative");
error = true;
}
LOAD_32LE(check16, 0, &state->video.ly);
LOAD_16LE(check16, 0, &state->video.ly);
if (check16 < 0 || check16 > GB_VIDEO_VERTICAL_TOTAL_PIXELS) {
mLOG(GB_STATE, WARN, "Savestate is corrupted: video y is out of range");
error = true;
}
LOAD_16LE(ucheck16, 0, &state->memory.dmaDest);
if (ucheck16 >= GB_SIZE_OAM) {
mLOG(GB_STATE, WARN, "Savestate is corrupted: DMA destination is out of range");
error = true;
}
if (error) {
return false;
}