From 070afe57af6968df2ec218bdd853ec0d4e692d2a Mon Sep 17 00:00:00 2001
From: Gregory Hainaut
Date: Fri, 25 Sep 2015 21:04:58 +0200
Subject: [PATCH] svu: fix buffer overrun on ialu&fmac

CID 146904 (#1 of 1): Out-of-bounds write (OVERRUN)
10. overrun-local: Overrunning array VU->ialu of 8 16-byte elements at element index 8 (byte offset 128) using index i (which evaluates to 8).
CID 146903 (#1 of 1): Out-of-bounds write (OVERRUN)
10. overrun-local: Overrunning array VU->fmac of 8 32-byte elements at element index 8 (byte offset 256) using index i (which evaluates to 8).
---
 pcsx2/x86/sVU_Micro.cpp | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/pcsx2/x86/sVU_Micro.cpp b/pcsx2/x86/sVU_Micro.cpp
index 2be3bdf1c3..c4bfc83354 100644
--- a/pcsx2/x86/sVU_Micro.cpp
+++ b/pcsx2/x86/sVU_Micro.cpp
@@ -292,14 +292,16 @@ void _recvuFMACAdd(VURegs * VU, int reg, int xyzw) {
 break;
 }
- if (i==8) Console.Error("*PCSX2*: error , out of fmacs");
+ if (i==8) {
+ Console.Error("*PCSX2*: error , out of fmacs");
 // VUM_LOG("adding FMAC pipe[%d]; reg %d", i, reg);
-
- VU->fmac[i].enable = 1;
- VU->fmac[i].sCycle = vucycle;
- VU->fmac[i].Cycle = 3;
- VU->fmac[i].xyzw = xyzw;
- VU->fmac[i].reg = reg;
+ } else {
+ VU->fmac[i].enable = 1;
+ VU->fmac[i].sCycle = vucycle;
+ VU->fmac[i].Cycle = 3;
+ VU->fmac[i].xyzw = xyzw;
+ VU->fmac[i].reg = reg;
+ }
 }
 
 void _recvuFDIVAdd(VURegs * VU, int cycles) {
@@ -325,12 +327,14 @@ void _recvuIALUAdd(VURegs * VU, int reg, int cycles) {
 break;
 }
- if (i==8) Console.Error("*PCSX2*: error , out of ialus");
-
- VU->ialu[i].enable = 1;
- VU->ialu[i].sCycle = vucycle;
- VU->ialu[i].Cycle = cycles;
- VU->ialu[i].reg = reg;
+ if (i==8) {
+ Console.Error("*PCSX2*: error , out of ialus");
+ } else {
+ VU->ialu[i].enable = 1;
+ VU->ialu[i].sCycle = vucycle;
+ VU->ialu[i].Cycle = cycles;
+ VU->ialu[i].reg = reg;
+ }
 }
 
 void _recvuTestIALUStalls(VURegs * VU, _VURegsNum *VUregsn) {
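Review bot: The commented-out `// VUM_LOG("adding FMAC pipe[%d]; reg %d", i, reg);` line in the _recvuFMACAdd hunk now sits inside the `if (i==8)` error branch, although it describes the pipe registration that moved into the `else` block; move it to just before `VU->fmac[i].enable = 1;` so it stays with the code it documents. Both this hunk and the _recvuIALUAdd hunk compare `i` against a hard-coded `8` that has to match the array length and the loop bound declared above the hunk (each function starts outside its hunk), so a named constant or `sizeof(VU->fmac)/sizeof(VU->fmac[0])` shared by the loop and the check would keep the bound in one place. When every slot is busy the new code logs and returns without registering the operation, which presumably leaves the stall model unaware of that instruction; if dropping the entry is the intended behaviour, a short comment next to the Console.Error such as `// all pipes busy: skip the entry instead of writing past the array` would make that choice explicit for both functions.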