From b171038c85357117ecba29b16940f51c417b0939 Mon Sep 17 00:00:00 2001
From: Arisotura
Date: Thu, 22 Sep 2022 18:18:26 +0200
Subject: [PATCH] * do not copy more ROM banner data than actually needed * avoid trying to read out of bounds if the banner offset is bad
---
 src/NDSCart.cpp | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/NDSCart.cpp b/src/NDSCart.cpp
index 35418ebb..cdc26ef1 100644
--- a/src/NDSCart.cpp
+++ b/src/NDSCart.cpp
@@ -1584,6 +1584,9 @@ bool LoadROM(const u8* romdata, u32 romlen)
 if (CartInserted) EjectCart();
+ memset(&Header, 0, sizeof(Header));
+ memset(&Banner, 0, sizeof(Banner));
+
 CartROMSize = 0x200;
 while (CartROMSize < romlen)
 CartROMSize <<= 1;
@@ -1603,13 +1606,13 @@ bool LoadROM(const u8* romdata, u32 romlen)
 memcpy(&Header, CartROM, sizeof(Header));
- if (!Header.BannerOffset)
+ u8 unitcode = Header.UnitCode;
+ bool dsi = (unitcode & 0x02) != 0;
+
+ size_t bannersize = dsi ? 0x23C0 : 0xA40;
+ if (Header.BannerOffset >= 0x200 && Header.BannerOffset < (CartROMSize - bannersize))
 {
- memset(&Banner, 0, sizeof(Banner));
- }
- else
- {
- memcpy(&Banner, CartROM + Header.BannerOffset, sizeof(Banner));
+ memcpy(&Banner, CartROM + Header.BannerOffset, bannersize);
 }
 printf("Game code: %.4s\n", Header.GameCode);
@@ -1619,9 +1622,6 @@ bool LoadROM(const u8* romdata, u32 romlen)
 (u32)Header.GameCode[1] << 8 |
 (u32)Header.GameCode[0];
- u8 unitcode = Header.UnitCode;
- bool dsi = (unitcode & 0x02) != 0;
-
 u32 arm9base = Header.ARM9ROMOffset;
 bool homebrew = (arm9base < 0x4000) || (gamecode == 0x23232323);
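Review bot: The new bound `Header.BannerOffset < (CartROMSize - bannersize)` in the second hunk underflows when CartROMSize is smaller than bannersize: the first hunk shows CartROMSize starting at 0x200 and only being doubled until it reaches romlen, so a ROM shorter than 0xA40 bytes (or 0x23C0 with the DSi unit-code bit set) makes the unsigned subtraction wrap to a huge value, any BannerOffset >= 0x200 then passes, and the memcpy reads past the end of CartROM. Guard the size first and use an inclusive bound: `if (Header.BannerOffset >= 0x200 && bannersize <= CartROMSize && Header.BannerOffset <= CartROMSize - bannersize)`. This assumes CartROM is allocated to CartROMSize rather than romlen, which the hunk does not show; if it is allocated to romlen the bound should use romlen instead. Whether sizeof(Banner) is at least 0x23C0 is also not visible here and should be confirmed, since the DSi path now writes that many bytes into it. LoadROM starts and ends outside the hunk.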