From 5d61048c05fc4ae1d0f58e0eb16c5a4ac9fa03a8 Mon Sep 17 00:00:00 2001
From: Toni Wilen
Date: Sat, 22 Sep 2018 20:29:00 +0300
Subject: [PATCH] Fix statefile buffer overflow disk is active and image had timing information.

---
 disk.cpp | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/disk.cpp b/disk.cpp
index d54916a3..4dc7cb32 100644
--- a/disk.cpp
+++ b/disk.cpp
@@ -4607,9 +4607,11 @@ uae_u8 *save_disk2 (int num, int *len, uae_u8 *dstptr)
 int size = 0;
 if (drv->motoroff == 0 && drv->buffered_side >= 0 && drv->tracklen > 0) {
 m = 1;
- if (drv->tracktiming[0])
- m |= 2;
 size += ((drv->tracklen + 15) * 2) / 8;
+ if (drv->tracktiming[0]) {
+ m |= 2;
+ size *= 2;
+ }
 }
 if (!m)
 return NULL;
@@ -4626,9 +4628,9 @@ uae_u8 *save_disk2 (int num, int *len, uae_u8 *dstptr)
 save_u32 (drv->skipoffset);
 save_u32 (drv->indexoffset);
 for (int j = 0; j < (drv->tracklen + 15) / 16; j++) {
- save_u16 (drv->bigmfmbuf[j]);
+ save_u16(drv->bigmfmbuf[j]);
 if (drv->tracktiming[0])
- save_u16 (drv->tracktiming[j]);
+ save_u16(drv->tracktiming[j]);
 }
 save_u16 (drv->revolutions);
-- 
2.47.3
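Review bot: The reserved `size` in the first hunk and the bytes the track loop in the second hunk writes are still derived from two unrelated expressions (`((drv->tracklen + 15) * 2) / 8`, doubled under `tracktiming[0]`, versus `(drv->tracklen + 15) / 16` iterations of one or two `save_u16` calls), so a later change to the loop can bring the overflow back without anything flagging it. I would add a comment above the `size` computation such as `/* must cover every save_u16 in the track loop below: one MFM word per 16 bits, plus one timing word when tracktiming[0] is set */`, and, where the buffer is allocated (outside this hunk), consider a check that the final write pointer stays within the reserved length. The loop also uses `drv->tracklen` as the index bound for `bigmfmbuf` and `tracktiming` while only `> 0` is checked here, so it is worth confirming that an upper bound is enforced wherever `tracklen` is set, in particular on the statefile restore path. `save_disk2` begins and ends outside both hunks.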