From 32b5b11a830aa144a7a5a419d42200eefd01aeb6 Mon Sep 17 00:00:00 2001
From: Megamouse <studienricky89@googlemail.com>
Date: Sun, 25 Aug 2019 08:06:56 +0200
Subject: [PATCH] cellSaveData/overlays: prevent possible array out of bounds
 in list view

---
 rpcs3/Emu/Cell/Modules/cellSaveData.cpp        |  6 ++++++
 rpcs3/Emu/RSX/Overlays/overlay_list_view.cpp   | 14 +++++++++++++-
 rpcs3/Emu/RSX/Overlays/overlay_save_dialog.cpp |  7 +++++--
 3 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/rpcs3/Emu/Cell/Modules/cellSaveData.cpp b/rpcs3/Emu/Cell/Modules/cellSaveData.cpp
index d6b9f79aad..7033c4aec2 100644
--- a/rpcs3/Emu/Cell/Modules/cellSaveData.cpp
+++ b/rpcs3/Emu/Cell/Modules/cellSaveData.cpp
@@ -208,6 +208,12 @@ static error_code select_and_delete(ppu_thread& ppu)
 			save_entries.erase(save_entries.cbegin() + selected);
 			selected = -1;
 
+			// Reset the focused index if the new list is empty
+			if (save_entries.empty())
+			{
+				focused = -1;
+			}
+
 			// Display success message (return value should be irrelevant here)
 			msg = "Successfully removed entry!\n\n" + info;
 			cellSaveData.success("%s", msg);
diff --git a/rpcs3/Emu/RSX/Overlays/overlay_list_view.cpp b/rpcs3/Emu/RSX/Overlays/overlay_list_view.cpp
index 02d9d8392c..79a7d46024 100644
--- a/rpcs3/Emu/RSX/Overlays/overlay_list_view.cpp
+++ b/rpcs3/Emu/RSX/Overlays/overlay_list_view.cpp
@@ -56,7 +56,19 @@ namespace rsx
 
 		void list_view::update_selection()
 		{
-			auto current_element = m_items[m_selected_entry * 2].get();
+			if (m_selected_entry < 0)
+			{
+				return; // Ideally unreachable but it should still be possible to recover by user interaction.
+			}
+
+			const size_t current_index = static_cast<size_t>(m_selected_entry) * 2;
+
+			if (m_items.size() <= current_index)
+			{
+				return; // Ideally unreachable but it should still be possible to recover by user interaction.
+			}
+
+			auto current_element = m_items[current_index].get();
 
 			// Calculate bounds
 			auto min_y = current_element->y - y;
diff --git a/rpcs3/Emu/RSX/Overlays/overlay_save_dialog.cpp b/rpcs3/Emu/RSX/Overlays/overlay_save_dialog.cpp
index 78e6e44604..561737d108 100644
--- a/rpcs3/Emu/RSX/Overlays/overlay_save_dialog.cpp
+++ b/rpcs3/Emu/RSX/Overlays/overlay_save_dialog.cpp
@@ -240,8 +240,11 @@ namespace rsx
 				m_no_saves = true;
 				m_list->set_cancel_only(true);
 			}
-
-			m_list->select_entry(focused);
+			else
+			{
+				// Only select an entry if there are entries available
+				m_list->select_entry(focused);
+			}
 
 			static_cast<label*>(m_description.get())->auto_resize();