From c9cd80c0890e66475c74c87a34aab207c7e23aac Mon Sep 17 00:00:00 2001
From: Nekotekina <fbx@3mf.ru>
Date: Thu, 14 Aug 2014 16:02:01 +0400
Subject: [PATCH] Memory bugs fixed

---
 rpcs3/Emu/Cell/SPUThread.h                   |  6 ++--
 rpcs3/Emu/FS/vfsStreamMemory.cpp             |  4 +--
 rpcs3/Emu/SysCalls/Modules/cellGcmSys.cpp    |  4 +--
 rpcs3/Emu/SysCalls/Modules/cellGifDec.cpp    |  4 +--
 rpcs3/Emu/SysCalls/Modules/cellJpgDec.cpp    |  4 +--
 rpcs3/Emu/SysCalls/Modules/cellPngDec.cpp    |  4 +--
 rpcs3/Emu/SysCalls/Modules/cellSync.cpp      | 35 +++++++++++---------
 rpcs3/Emu/SysCalls/Modules/sysPrxForUser.cpp |  2 +-
 8 files changed, 33 insertions(+), 30 deletions(-)

diff --git a/rpcs3/Emu/Cell/SPUThread.h b/rpcs3/Emu/Cell/SPUThread.h
index c6c3e95470..e00a086ed5 100644
--- a/rpcs3/Emu/Cell/SPUThread.h
+++ b/rpcs3/Emu/Cell/SPUThread.h
@@ -658,13 +658,13 @@ public:
 		{
 		case MFC_PUT_CMD:
 		{
-			memcpy(Memory + ea, Memory + dmac.ls_offset + lsa, size);
+			memcpy(Memory + ea, Memory + (dmac.ls_offset + lsa), size);
 			return;
 		}
 
 		case MFC_GET_CMD:
 		{
-			memcpy(Memory + dmac.ls_offset + lsa, Memory + ea, size);
+			memcpy(Memory + (dmac.ls_offset + lsa), Memory + ea, size);
 			return;
 		}
 
@@ -841,7 +841,7 @@ public:
 							{
 								const u32 last_q = (buf[last].hi == reservation.data[last].hi);
 
-								if (InterlockedCompareExchange64((volatile long long*)(Memory + (u32)ea + last * 16 + last_q * 8),
+								if (InterlockedCompareExchange64((volatile long long*)(Memory + ((u32)ea + last * 16 + last_q * 8)),
 									buf[last]._u64[last_q], reservation.data[last]._u64[last_q]) == reservation.data[last]._u64[last_q])
 								{
 									MFCArgs.AtomicStat.PushUncond(MFC_PUTLLC_SUCCESS);
diff --git a/rpcs3/Emu/FS/vfsStreamMemory.cpp b/rpcs3/Emu/FS/vfsStreamMemory.cpp
index d8534193f0..03a71b5d38 100644
--- a/rpcs3/Emu/FS/vfsStreamMemory.cpp
+++ b/rpcs3/Emu/FS/vfsStreamMemory.cpp
@@ -32,7 +32,7 @@ u64 vfsStreamMemory::Write(const void* src, u64 size)
 		size = GetSize() - Tell();
 	}
 
-	memcpy(Memory + m_addr + Tell(), (void*)src, size);
+	memcpy(Memory + (m_addr + Tell()), (void*)src, size);
 
 	return vfsStream::Write(src, size);
 }
@@ -44,7 +44,7 @@ u64 vfsStreamMemory::Read(void* dst, u64 size)
 		size = GetSize() - Tell();
 	}
 
-	memcpy(dst, Memory + m_addr + Tell(), size);
+	memcpy(dst, Memory + (m_addr + Tell()), size);
 
 	return vfsStream::Read(dst, size);
 }
diff --git a/rpcs3/Emu/SysCalls/Modules/cellGcmSys.cpp b/rpcs3/Emu/SysCalls/Modules/cellGcmSys.cpp
index a8310a7bc1..c10e46ff4a 100644
--- a/rpcs3/Emu/SysCalls/Modules/cellGcmSys.cpp
+++ b/rpcs3/Emu/SysCalls/Modules/cellGcmSys.cpp
@@ -461,7 +461,7 @@ s32 cellGcmSetPrepareFlip(mem_ptr_t<CellGcmContextData> ctxt, u32 id)
  
 		const s32 res = ctxt->current - ctxt->begin - ctrl.put;
  
-		memmove(Memory + ctxt->begin, Memory + ctxt->current - res, res);
+		memmove(Memory + ctxt->begin, Memory + (ctxt->current - res), res);
 
 		ctxt->current = ctxt->begin + res;
 
@@ -1146,7 +1146,7 @@ int cellGcmCallback(u32 context_addr, u32 count)
 
 	const s32 res = ctx.current - ctx.begin - ctrl.put;
 
-	memmove(Memory + ctx.begin, Memory + ctx.current - res, res);
+	memmove(Memory + ctx.begin, Memory + (ctx.current - res), res);
 
 	ctx.current = ctx.begin + res;
 
diff --git a/rpcs3/Emu/SysCalls/Modules/cellGifDec.cpp b/rpcs3/Emu/SysCalls/Modules/cellGifDec.cpp
index bf904a2170..c29d15c44c 100644
--- a/rpcs3/Emu/SysCalls/Modules/cellGifDec.cpp
+++ b/rpcs3/Emu/SysCalls/Modules/cellGifDec.cpp
@@ -198,7 +198,7 @@ int cellGifDecDecodeData(u32 mainHandle, u32 subHandle, mem8_ptr_t data, const m
 			{
 				const int dstOffset = i * bytesPerLine;
 				const int srcOffset = width * nComponents * i;
-				memcpy(Memory + data.GetAddr() + dstOffset, &image.get()[srcOffset], linesize);
+				memcpy(Memory + (data.GetAddr() + dstOffset), &image.get()[srcOffset], linesize);
 			}
 		}
 		else
@@ -226,7 +226,7 @@ int cellGifDecDecodeData(u32 mainHandle, u32 subHandle, mem8_ptr_t data, const m
 					output[j + 2] = image.get()[srcOffset + j + 1];
 					output[j + 3] = image.get()[srcOffset + j + 2];
 				}
-				memcpy(Memory + data.GetAddr() + dstOffset, output, linesize);
+				memcpy(Memory + (data.GetAddr() + dstOffset), output, linesize);
 			}
 			free(output);
 		}
diff --git a/rpcs3/Emu/SysCalls/Modules/cellJpgDec.cpp b/rpcs3/Emu/SysCalls/Modules/cellJpgDec.cpp
index 9c0ccd9377..be776e7456 100644
--- a/rpcs3/Emu/SysCalls/Modules/cellJpgDec.cpp
+++ b/rpcs3/Emu/SysCalls/Modules/cellJpgDec.cpp
@@ -206,7 +206,7 @@ int cellJpgDecDecodeData(u32 mainHandle, u32 subHandle, mem8_ptr_t data, const m
 			{
 				const int dstOffset = i * bytesPerLine;
 				const int srcOffset = width * nComponents * (flip ? height - i - 1 : i);
-				memcpy(Memory + data.GetAddr() + dstOffset, &image.get()[srcOffset], linesize);
+				memcpy(Memory + (data.GetAddr() + dstOffset), &image.get()[srcOffset], linesize);
 			}
 		}
 		else
@@ -236,7 +236,7 @@ int cellJpgDecDecodeData(u32 mainHandle, u32 subHandle, mem8_ptr_t data, const m
 					output[j + 2] = image.get()[srcOffset + j + 1];
 					output[j + 3] = image.get()[srcOffset + j + 2];
 				}
-				memcpy(Memory + data.GetAddr() + dstOffset, output, linesize);
+				memcpy(Memory + (data.GetAddr() + dstOffset), output, linesize);
 			}
 			free(output);
 		}
diff --git a/rpcs3/Emu/SysCalls/Modules/cellPngDec.cpp b/rpcs3/Emu/SysCalls/Modules/cellPngDec.cpp
index 735054e89d..d7a03013e7 100644
--- a/rpcs3/Emu/SysCalls/Modules/cellPngDec.cpp
+++ b/rpcs3/Emu/SysCalls/Modules/cellPngDec.cpp
@@ -240,7 +240,7 @@ int cellPngDecDecodeData(u32 mainHandle, u32 subHandle, mem8_ptr_t data, const m
 			{
 				const int dstOffset = i * bytesPerLine;
 				const int srcOffset = width * nComponents * (flip ? height - i - 1 : i);
-				memcpy(Memory + data.GetAddr() + dstOffset, &image.get()[srcOffset], linesize);
+				memcpy(Memory + (data.GetAddr() + dstOffset), &image.get()[srcOffset], linesize);
 			}
 		}
 		else
@@ -270,7 +270,7 @@ int cellPngDecDecodeData(u32 mainHandle, u32 subHandle, mem8_ptr_t data, const m
 					output[j + 2] = image.get()[srcOffset + j + 1];
 					output[j + 3] = image.get()[srcOffset + j + 2];
 				}
-				memcpy(Memory + data.GetAddr() + dstOffset, output, linesize);
+				memcpy(Memory + (data.GetAddr() + dstOffset), output, linesize);
 			}
 			free(output);
 		}
diff --git a/rpcs3/Emu/SysCalls/Modules/cellSync.cpp b/rpcs3/Emu/SysCalls/Modules/cellSync.cpp
index 04013930dd..b5a509e264 100644
--- a/rpcs3/Emu/SysCalls/Modules/cellSync.cpp
+++ b/rpcs3/Emu/SysCalls/Modules/cellSync.cpp
@@ -618,7 +618,7 @@ s32 cellSyncQueuePush(mem_ptr_t<CellSyncQueue> queue, u32 buffer_addr)
 	}
 
 	// prx: memcpy(position * m_size + m_addr, buffer_addr, m_size), sync
-	memcpy(Memory + (u64)queue->m_addr + position * size, Memory + buffer_addr, size);
+	memcpy(Memory + ((u64)queue->m_addr + position * size), Memory + buffer_addr, size);
 
 	// prx: atomically insert 0 in 5th u8
 	while (true)
@@ -670,7 +670,7 @@ s32 cellSyncQueueTryPush(mem_ptr_t<CellSyncQueue> queue, u32 buffer_addr)
 		if (InterlockedCompareExchange(&queue->m_data(), new_queue.m_data(), old_data) == old_data) break;
 	}
 
-	memcpy(Memory + (u64)queue->m_addr + position * size, Memory + buffer_addr, size);
+	memcpy(Memory + ((u64)queue->m_addr + position * size), Memory + buffer_addr, size);
 
 	while (true)
 	{
@@ -733,7 +733,7 @@ s32 cellSyncQueuePop(mem_ptr_t<CellSyncQueue> queue, u32 buffer_addr)
 	}
 
 	// prx: (sync), memcpy(buffer_addr, position * m_size + m_addr, m_size)
-	memcpy(Memory + buffer_addr, Memory + (u64)queue->m_addr + position * size, size);
+	memcpy(Memory + buffer_addr, Memory + ((u64)queue->m_addr + position * size), size);
 
 	// prx: atomically insert 0 in first u8
 	while (true)
@@ -785,7 +785,7 @@ s32 cellSyncQueueTryPop(mem_ptr_t<CellSyncQueue> queue, u32 buffer_addr)
 		if (InterlockedCompareExchange(&queue->m_data(), new_queue.m_data(), old_data) == old_data) break;
 	}
 
-	memcpy(Memory + buffer_addr, Memory + (u64)queue->m_addr + position * size, size);
+	memcpy(Memory + buffer_addr, Memory + ((u64)queue->m_addr + position * size), size);
 
 	while (true)
 	{
@@ -841,7 +841,7 @@ s32 cellSyncQueuePeek(mem_ptr_t<CellSyncQueue> queue, u32 buffer_addr)
 		if (InterlockedCompareExchange(&queue->m_data(), new_queue.m_data(), old_data) == old_data) break;
 	}
 
-	memcpy(Memory + buffer_addr, Memory + (u64)queue->m_addr + position * size, size);
+	memcpy(Memory + buffer_addr, Memory + ((u64)queue->m_addr + position * size), size);
 
 	while (true)
 	{
@@ -891,7 +891,7 @@ s32 cellSyncQueueTryPeek(mem_ptr_t<CellSyncQueue> queue, u32 buffer_addr)
 		if (InterlockedCompareExchange(&queue->m_data(), new_queue.m_data(), old_data) == old_data) break;
 	}
 
-	memcpy(Memory + buffer_addr, Memory + (u64)queue->m_addr + position * size, size);
+	memcpy(Memory + buffer_addr, Memory + ((u64)queue->m_addr + position * size), size);
 
 	while (true)
 	{
@@ -1015,7 +1015,7 @@ s32 syncLFQueueGetPushPointer(mem_ptr_t<CellSyncLFQueue> queue, s32& pointer, u3
 			CellSyncLFQueue new_queue;
 			new_queue.m_push1() = old_data;
 
-			if (!var0)
+			if (var0)
 			{
 				new_queue.m_h7 = 0;
 			}
@@ -1024,7 +1024,7 @@ s32 syncLFQueueGetPushPointer(mem_ptr_t<CellSyncLFQueue> queue, s32& pointer, u3
 				return CELL_SYNC_ERROR_STAT;
 			}
 
-			s32 var2 = (s16)new_queue.m_h8;
+			s32 var2 = (s32)(s16)new_queue.m_h8;
 			s32 res;
 			if (isBlocking && ((s32)(u16)new_queue.m_h5 != var2 || new_queue.m_h7.ToBE() != 0))
 			{
@@ -1168,13 +1168,16 @@ s32 syncLFQueueCompletePushPointer(mem_ptr_t<CellSyncLFQueue> queue, s32 pointer
 			var9_ = 1 << var9_;
 		}
 		s32 var9 = ~(u16)var9_ & ~(u16)queue->m_h6;
-		if ((u16)var9)
+		// count leading zeros in u16
 		{
-			var9 = __lzcnt16((u16)var9);
-		}
-		else
-		{
-			var9 = 16;
+			u16 v = var9;
+			for (var9 = 0; var9 < 16; var9++)
+			{
+				if (v & (1 << (15 - var9)))
+				{
+					break;
+				}
+			}
 		}
 		
 		s32 var5 = (s32)(u16)queue->m_h6 | var9_;
@@ -1343,7 +1346,7 @@ s32 _cellSyncLFQueuePushBody(mem_ptr_t<CellSyncLFQueue> queue, u32 buffer_addr,
 
 	s32 depth = (u32)queue->m_depth;
 	s32 size = (u32)queue->m_size;
-	memcpy(Memory + ((u64)queue->m_buffer & ~1ull) + size * (position > depth ? position - depth : position), Memory + buffer_addr, size);
+	memcpy(Memory + (((u64)queue->m_buffer & ~1ull) + size * (position > depth ? position - depth : position)), Memory + buffer_addr, size);
 
 	if (queue->m_direction.ToBE() != se32(CELL_SYNC_QUEUE_ANY2ANY))
 	{
@@ -1475,7 +1478,7 @@ s32 _cellSyncLFQueuePopBody(mem_ptr_t<CellSyncLFQueue> queue, u32 buffer_addr, u
 
 	s32 depth = (u32)queue->m_depth;
 	s32 size = (u32)queue->m_size;
-	memcpy(Memory + buffer_addr, Memory + ((u64)queue->m_buffer & ~1ull) + size * (position > depth ? position - depth : position), size);
+	memcpy(Memory + buffer_addr, Memory + (((u64)queue->m_buffer & ~1ull) + size * (position > depth ? position - depth : position)), size);
 
 	if (queue->m_direction.ToBE() != se32(CELL_SYNC_QUEUE_ANY2ANY))
 	{
diff --git a/rpcs3/Emu/SysCalls/Modules/sysPrxForUser.cpp b/rpcs3/Emu/SysCalls/Modules/sysPrxForUser.cpp
index cf41b0cf4f..e962354efe 100644
--- a/rpcs3/Emu/SysCalls/Modules/sysPrxForUser.cpp
+++ b/rpcs3/Emu/SysCalls/Modules/sysPrxForUser.cpp
@@ -149,7 +149,7 @@ int sys_raw_spu_image_load(int id, mem_ptr_t<sys_spu_image> img)
 {
 	sysPrxForUser->Warning("sys_raw_spu_image_load(id=0x%x, img_addr=0x%x)", id, img.GetAddr());
 
-	memcpy(Memory + RAW_SPU_BASE_ADDR + RAW_SPU_OFFSET * id, Memory + (u32)img->segs_addr, 256 * 1024);
+	memcpy(Memory + (RAW_SPU_BASE_ADDR + RAW_SPU_OFFSET * id), Memory + (u32)img->segs_addr, 256 * 1024);
 	Memory.Write32(RAW_SPU_BASE_ADDR + RAW_SPU_OFFSET * id + RAW_SPU_PROB_OFFSET + SPU_NPC_offs, (u32)img->entry_point);
 
 	return CELL_OK;