From 679714985c9ad6bff7e5c935f669726b9130c0e3 Mon Sep 17 00:00:00 2001
From: rofl0r
Date: Sun, 29 Aug 2021 07:02:11 +0000
Subject: [PATCH] 1.0.4-pre backport: fixed a possible out-of-bounds access

this is likely the change refered in the original 1.0.4-pre svn dump ( 9859b44888b00c0835c0c4997f5f2ae4f6dfaf52 ) as:

> fixed a possible out-of-bounds access which could allow a hacked savestate to
> crash gnuboy and possibly run arbitrary code on the host machine. Challenge:
> +try to find a way to exploit it
---
 mem.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/mem.c b/mem.c
index 657c407..6315d77 100644
--- a/mem.c
+++ b/mem.c
@@ -32,7 +32,10 @@ void mem_updatemap()
 {
 int n;
 byte **map;
-
+
+ mbc.rombank &= (mbc.romsize - 1);
+ mbc.rambank &= (mbc.ramsize - 1);
+
 map = mbc.rmap;
 map[0x0] = rom.bank[0];
 map[0x1] = rom.bank[0];
@@ -433,8 +436,6 @@ void mbc_write(int a, byte b)
 }
 break;
 }
- mbc.rombank &= (mbc.romsize - 1);
- mbc.rambank &= (mbc.ramsize - 1);
 /* printf("%02X\n", mbc.rombank); */
 mem_updatemap();
 }
--
2.11.4.GIT
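Review bot: The two masks added at the top of mem_updatemap only bound the bank index while romsize and ramsize are non-zero: with a size of 0 the expression `size - 1` is all ones and the index passes through untouched, and the same holds if a savestate can supply romsize/ramsize themselves (the loader is not in this diff, so treat that as an assumption to confirm). Because `x & (size - 1)` never exceeds `size - 1` the mask is otherwise a real bound, but for a non-power-of-two bank count (72/80/96-bank carts, if the loader keeps the raw count rather than rounding up) it also remaps in-range banks to the wrong bank, which is a correctness rather than a memory-safety issue. A check that does not depend on the size being a power of two would close the zero/untrusted-size gap, e.g. after the masks add `if (mbc.romsize <= 0 || mbc.rombank >= mbc.romsize) mbc.rombank = 0;` and the equivalent line for rambank/ramsize. A short comment above the masks, `/* clamp bank indices before building the map: a loaded savestate may carry out-of-range values */`, would also record why the masking now lives here rather than in mbc_write. mem_updatemap's body continues past the end of the hunk.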