From: Toni Wilen <twilen@winuae.net>
Date: Sun, 11 Dec 2022 14:04:50 +0000 (+0200)
Subject: Fix out of bounds array access
X-Git-Tag: 41000~9
X-Git-Url: https://git.unchartedbackwaters.co.uk/w/?a=commitdiff_plain;h=55132ea8c67a07ba5e3817858ea3422249f985e0;p=francis%2Fwinuae.git

Fix out of bounds array access
---

diff --git a/custom.cpp b/custom.cpp
index 196d92e6..3678e649 100644
--- a/custom.cpp
+++ b/custom.cpp
@@ -405,6 +405,7 @@ int sprite_buffer_res;
 
 uae_u8 cycle_line_slot[MAX_CHIPSETSLOTS + RGA_PIPELINE_ADJUST];
 uae_u16 cycle_line_pipe[MAX_CHIPSETSLOTS + RGA_PIPELINE_ADJUST];
+static uae_u8 cycle_line_slot_last;
 
 static uae_s16 bpl1mod, bpl2mod, bpl1mod_prev, bpl2mod_prev;
 static int bpl1mod_hpos, bpl2mod_hpos;
@@ -11934,6 +11935,7 @@ static void hsync_handler_pre(bool onvsync)
 	else
 		lol = 0;
 
+	cycle_line_slot_last = cycle_line_slot[maxhpos - 1];
 	set_hpos();
 
 	// to record decisions correctly between end of scanline and start of hsync
@@ -13738,9 +13740,15 @@ writeonly:
 			// - if last cycle was DMA cycle: DMA cycle data
 			// - if last cycle was not DMA cycle: FFFF or some ANDed old data.
 			//
-			int hp = (hpos - 1) % maxhpos;
-			c = cycle_line_slot[hp] & CYCLE_MASK;
-			bmdma = bitplane_dma_access(hp, 0);
+			if (hpos == 0) {
+				int hp = maxhpos - 1;
+				c = cycle_line_slot_last & CYCLE_MASK;
+				bmdma = bitplane_dma_access(hp, 0);
+			} else {
+				int hp = hpos - 1;
+				c = cycle_line_slot[hp] & CYCLE_MASK;
+				bmdma = bitplane_dma_access(hp, 0);
+			}
 			if (aga_mode) {
 				if (bmdma || (c > CYCLE_REFRESH && c < CYCLE_CPU)) {
 					v = regs.chipset_latch_rw;