|
|
@@ -89,6 +89,7 @@ bool GBDeserialize(struct GB* gb, const struct GBSerializedState* state) { |
|
|
int32_t check;
|
|
|
uint32_t ucheck;
|
|
|
int16_t check16;
|
|
|
+ uint16_t ucheck16;
|
|
|
LOAD_32LE(ucheck, 0, &state->versionMagic);
|
|
|
if (ucheck > GB_SAVESTATE_MAGIC + GB_SAVESTATE_VERSION) {
|
|
|
mLOG(GB_STATE, WARN, "Invalid or too new savestate: expected %08X, got %08X", GB_SAVESTATE_MAGIC + GB_SAVESTATE_VERSION, ucheck);
|
|
|
@@ -126,11 +127,16 @@ bool GBDeserialize(struct GB* gb, const struct GBSerializedState* state) { |
|
|
mLOG(GB_STATE, WARN, "Savestate is corrupted: video eventDiff is negative");
|
|
|
error = true;
|
|
|
}
|
|
|
- LOAD_32LE(check16, 0, &state->video.ly);
|
|
|
+ LOAD_16LE(check16, 0, &state->video.ly);
|
|
|
if (check16 < 0 || check16 > GB_VIDEO_VERTICAL_TOTAL_PIXELS) {
|
|
|
mLOG(GB_STATE, WARN, "Savestate is corrupted: video y is out of range");
|
|
|
error = true;
|
|
|
}
|
|
|
+ LOAD_16LE(ucheck16, 0, &state->memory.dmaDest);
|
|
|
+ if (ucheck16 >= GB_SIZE_OAM) {
|
|
|
+ mLOG(GB_STATE, WARN, "Savestate is corrupted: DMA destination is out of range");
|
|
|
+ error = true;
|
|
|
+ }
|
|
|
if (error) {
|
|
|
return false;
|
|
|
}
|
|
|
|
0 comments on commit
ff788a0