From 6822b8cabe2bca29944fe88f18226f1b89eab055 Mon Sep 17 00:00:00 2001
From: Jeffrey Pfau
Date: Tue, 11 Aug 2015 01:16:57 -0700
Subject: [PATCH] GBA: Ensure cycles never go negative
---
 CHANGES | 1 +
 src/gba/gba.c | 5 +++++
 src/gba/serialize.c | 4 ++++
 3 files changed, 10 insertions(+)
diff --git a/CHANGES b/CHANGES
index e3fde14ff..c0be41bf4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -71,6 +71,7 @@ Bugfixes:
 - Qt: Fix passing command line options
 - Qt: Fix crashes on Windows by using using QMetaObject to do cross-thread calls
 - GBA Video: Fix timing on first scanline
+ - GBA: Ensure cycles never go negative
 Misc:
 - Qt: Handle saving input settings better
 - Debugger: Free watchpoints in addition to breakpoints
diff --git a/src/gba/gba.c b/src/gba/gba.c
index c221f587f..b5fdf83ac 100644
--- a/src/gba/gba.c
+++ b/src/gba/gba.c
@@ -184,6 +184,11 @@ static void GBAProcessEvents(struct ARMCore* cpu) {
 int32_t cycles = cpu->nextEvent;
 int32_t nextEvent = INT_MAX;
 int32_t testEvent;
+#ifndef NDEBUG
+ if (cycles < 0) {
+ GBALog(gba, GBA_LOG_FATAL, "Negative cycles passed: %i", cycles);
+ }
+#endif
 gba->bus = cpu->prefetch[1];
 if (cpu->executionMode == MODE_THUMB) {
diff --git a/src/gba/serialize.c b/src/gba/serialize.c
index e7aa56fac..e58635bc4 100644
--- a/src/gba/serialize.c
+++ b/src/gba/serialize.c
@@ -87,6 +87,10 @@ bool GBADeserialize(struct GBA* gba, const struct GBASerializedState* state) {
 GBALog(gba, GBA_LOG_WARN, "Savestate is corrupted: CPU cycles are negative");
 error = true;
 }
+ if (state->cpu.nextEvent < 0) {
+ GBALog(gba, GBA_LOG_WARN, "Savestate is corrupted: Next event is negative");
+ error = true;
+ }
 if (state->video.eventDiff < 0) {
 GBALog(gba, GBA_LOG_WARN, "Savestate is corrupted: video eventDiff is negative");
 error = true;
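Review bot: The negative-cycle guard in GBAProcessEvents sits inside `#ifndef NDEBUG`, so a release build compiles it out and a negative `cpu->nextEvent` reaches the event processing below unchecked; the savestate check added in serialize.c is then the only validation visible in this commit. If the guard is meant as a debug-only invariant check, say so with a comment such as `/* Debug-only invariant: nextEvent is validated on savestate load and must never be negative here */`. Whether GBALog at GBA_LOG_FATAL halts execution is not visible in the hunk; if it returns, the negative value is still used after logging. `cycles` is an `int32_t`, so `"%" PRIi32` from `<inttypes.h>` matches the argument type more portably than `%i`. The function body starts and ends outside the hunk.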
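Review bot: The new `state->cpu.nextEvent < 0` check has no comment saying why a negative value marks the savestate as corrupted, and the reason lives in another file: the gba.c hunk of this commit shows `cpu->nextEvent` becoming the cycle count in GBAProcessEvents. A one-line comment above the check would record that, for example `/* nextEvent becomes the cycle count in GBAProcessEvents; reject negative values from the file */`. GBADeserialize continues outside the hunk, so whether `error` stops the load before any field of `state` is copied into `gba` cannot be confirmed from here; that ordering matters because the savestate is file-supplied input.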