GB Serialize: Prevent loading invalid states where LY >= 144 in modes…

… other than 1
mgba-emu · Jul 20, 2024 · 09f4564 · 09f4564
1 parent eb1b571
commit 09f4564
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/CHANGES b/CHANGES
@@ -24,6 +24,7 @@ Other fixes:
  - Debugger: Fix writing to specific segment in command-line debugger
  - GB: Fix uninitialized save data when loading undersized temporary saves
  - GB, GBA Core: Fix memory leak if reloading debug symbols
+ - GB Serialize: Prevent loading invalid states where LY >= 144 in modes other than 1
  - GBA Audio: Fix crash if audio FIFOs and timers get out of sync
  - GBA Audio: Fix crash in audio subsampling if timing lockstep breaks
  - GBA Core: Fix loading symbols from ELF files if the file doesn't end with .elf

diff --git a/src/gb/serialize.c b/src/gb/serialize.c
@@ -122,6 +122,13 @@ bool GBDeserialize(struct GB* gb, const struct GBSerializedState* state) {
 		mLOG(GB_STATE, WARN, "Savestate is corrupted: video y is out of range");
 		error = true;
 	}
+
+	GBSerializedVideoFlags videoFlags = state->video.flags;
+	if (check16 >= GB_VIDEO_VERTICAL_PIXELS && GBSerializedVideoFlagsGetMode(videoFlags) != 1) {
+		mLOG(GB_STATE, WARN, "Savestate is corrupted: video y is in vblank but mode is not vblank");
+		error = true;
+	}
+
 	LOAD_16LE(ucheck16, 0, &state->memory.dmaDest);
 	if (ucheck16 + state->memory.dmaRemaining > GB_SIZE_OAM) {
 		mLOG(GB_STATE, WARN, "Savestate is corrupted: DMA destination is out of range");