From 72c778c3bfb25262498af6a21e8dec828a28be19 Mon Sep 17 00:00:00 2001
From: Jason Benaim
Date: Wed, 23 May 2018 23:23:45 -0400
Subject: [PATCH] Fix segfault when DMAing past the end of cart ROM.

When a game triggers a DMA from the cart ROM area to RDRAM, part or all of the DMA'd area is not covered by the currently-loaded ROM, cen64 treats it as a series of reads from open-bus. A bug in the code that handles this case was causing segfaults. Hat-tip to cen64 user Grim who provided a test rom that triggered this bug. His test ROM was less than (1 MB + 4 KB) in size, which was causing the initial 1MB DMA to trigger this bug.
---
 pi/controller.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pi/controller.c b/pi/controller.c
index 17958fd00..439451689 100644
--- a/pi/controller.c
+++ b/pi/controller.c
@@ -138,7 +138,7 @@ static int pi_dma_write(struct pi_controller *pi) {
 for (i = (pi->regs[PI_CART_ADDR_REG] + pi->rom_size + 3) & ~0x3; i < pi->regs[PI_CART_ADDR_REG] + length; i += 4) {
 uint32_t word = (i >> 16) | (i & 0xFFFF0000);
- memcpy(pi->bus->ri->ram + dest + i, &word, sizeof(word));
+ memcpy(pi->bus->ri->ram + dest, &word, sizeof(word));
 }
 length = pi->rom_size - source;
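Review bot: With `+ i` dropped, the destination of the added `memcpy` no longer varies inside the loop, so every open-bus word overwrites the same four bytes at `ram + dest` and the rest of the out-of-ROM region in RDRAM is never filled. The old line faulted because `i` is a cart-space address, not an offset into the transfer; the intended offset appears to be `i - pi->regs[PI_CART_ADDR_REG]`, i.e. `memcpy(pi->bus->ri->ram + dest + (i - pi->regs[PI_CART_ADDR_REG]), &word, sizeof(word));`. Both `dest` and `length` look guest-controlled, and nothing visible in the hunk bounds `dest` plus that offset against the size of the RDRAM buffer, so a range check is needed before the write to keep a crafted ROM from writing outside emulated RAM on the host. `pi_dma_write` starts and ends outside the hunk, so such masking or clamping may already exist there and should be confirmed.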