GB Video: Prevent BCPS and OCPS from going negative
Showing
with
10 additions
and
0 deletions.
-
+8
−0
src/gb/serialize.c
-
+2
−0
src/gb/video.c
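--- a/src/gb/serialize.c
+++ b/src/gb/serialize.c
@@ -142,6 +142,14 @@ bool GBDeserialize(struct GB* gb, const struct GBSerializedState* state) {
 mLOG(GB_STATE, WARN, "Savestate is corrupted: DMA destination is out of range");
 error = true;
 }
+ LOAD_16LE(ucheck16, 0, &state->video.bcpIndex);
+ if (ucheck16 >= 0x40) {
+ mLOG(GB_STATE, WARN, "Savestate is corrupted: BCPS is out of range");
+ }
+ LOAD_16LE(ucheck16, 0, &state->video.ocpIndex);
+ if (ucheck16 >= 0x40) {
+ mLOG(GB_STATE, WARN, "Savestate is corrupted: OCPS is out of range");
+ }
 if (error) {
 return false;
 }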
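Review bot: The two new BCPS/OCPS range checks log "Savestate is corrupted" but, unlike the DMA destination check directly above them, never set `error = true;`, so GBDeserialize still accepts a savestate it has just reported as corrupted. If rejecting is intended, add `error = true;` after each of the two new `mLOG` calls. If the load is meant to continue because GBVideoDeserialize masks the index, say so with a comment such as `// Not fatal: GBVideoDeserialize masks the index into range`, and consider rewording the message so it does not read as a rejected state. GBDeserialize starts and ends outside this hunk, so any handling of these fields elsewhere in the function is not visible here.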
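--- a/src/gb/video.c
+++ b/src/gb/video.c
@@ -482,7 +482,9 @@ void GBVideoDeserialize(struct GBVideo* video, const struct GBSerializedState* s
 video->bcpIncrement = GBSerializedVideoFlagsGetBcpIncrement(flags);
 video->ocpIncrement = GBSerializedVideoFlagsGetOcpIncrement(flags);
 LOAD_16LE(video->bcpIndex, 0, &state->video.bcpIndex);
+ video->bcpIndex &= 0x3F;
 LOAD_16LE(video->ocpIndex, 0, &state->video.ocpIndex);
+ video->ocpIndex &= 0x3F;
 
 size_t i;
 for (i = 0; i < 64; ++i) {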
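Review bot: The mask `0x3F` on `video->bcpIndex` and `video->ocpIndex`, the `0x40` bound checked in GBDeserialize and the `64` in the loop just below appear to be one palette-index range written three different ways. A single named constant shared by both files would keep the validation, the clamp and the loop bound from drifting apart. Since the serialize.c check only warns, these two mask lines are what actually bounds an index read from a savestate file, so a short comment would help, for example `// Savestate data is untrusted: force the index into the valid range`. GBVideoDeserialize starts and ends outside this hunk, so how the index is consumed afterwards is not visible here.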
0 comments on commit
4c38f76