Core: Fix IPL device m_cursor overflow

Not sure if the behavior I'm implementing here is what real hardware does, but since this is a buffer overflow, I'd like to get it fixed quickly. Hardware verification can happen later. https://bugs.dolphin-emu.org/issues/13506
dolphin-emu · Mar 25, 2024 · 8fafcc3 · 8fafcc3
1 parent d57c68a
commit 8fafcc3
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp b/Source/Core/Core/HW/EXI/EXI_DeviceIPL.cpp
@@ -320,6 +320,8 @@ void CEXIIPL::TransferByte(u8& data)
       if (!m_command.is_write())
       {
         u32 dev_addr = address - ROM_BASE + m_cursor++;
+        // TODO: Is this address wrapping correct?
+        dev_addr %= ROM_SIZE;
         // Technically we should descramble here iff descrambling logic is enabled.
         // At the moment, we pre-decrypt the whole thing and
         // ignore the "enabled" bit - see CEXIIPL::CEXIIPL
@@ -346,6 +348,8 @@ void CEXIIPL::TransferByte(u8& data)
     {
       auto& sram = m_system.GetSRAM();
       u32 dev_addr = address - SRAM_BASE + m_cursor++;
+      // TODO: Is this address wrapping correct?
+      dev_addr %= SRAM_SIZE;
       if (m_command.is_write())
         sram[dev_addr] = data;
       else