From e02e27b2b34e6240779ddeeacd3c2f2bd08e6f45 Mon Sep 17 00:00:00 2001
From: kd-11
Date: Wed, 8 May 2019 17:16:15 +0300
Subject: [PATCH] rsx: Prevent out-of-bounds writes when resolving shader input textures

- The target area can also have padding!
---
 rpcs3/Emu/RSX/Common/surface_store.h | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/rpcs3/Emu/RSX/Common/surface_store.h b/rpcs3/Emu/RSX/Common/surface_store.h
index b74cda1d63..4871bb3ad5 100644
--- a/rpcs3/Emu/RSX/Common/surface_store.h
+++ b/rpcs3/Emu/RSX/Common/surface_store.h
@@ -1280,10 +1280,17 @@ namespace rsx
 if (LIKELY(this_address >= texaddr))
 {
 const auto offset = this_address - texaddr;
- info.src_x = 0;
- info.src_y = 0;
 info.dst_y = (offset / required_pitch);
 info.dst_x = (offset % required_pitch) / required_bpp;
+
+ if (UNLIKELY(info.dst_x >= required_width || info.dst_y >= required_height))
+ {
+ // Out of bounds
+ continue;
+ }
+
+ info.src_x = 0;
+ info.src_y = 0;
 info.width = std::min(normalized_surface_width, required_width - info.dst_x);
 info.height = std::min(normalized_surface_height, required_height - info.dst_y);
 }
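Review bot: The comment on the new guard, `// Out of bounds`, does not say which condition it covers or why skipping is the safe response, and that is the security-relevant part of this fix. I would replace it with `// Surface starts in pitch padding or past the last row; required_width - dst_x / required_height - dst_y would not be a valid extent`. The operand types are not visible in the hunk, but if they are unsigned the subtractions on the `info.width` / `info.height` lines would wrap and `std::min` would then pick the full surface size, so the guard must stay ahead of them. The enclosing loop and the branch for `this_address < texaddr` lie outside this hunk; it is worth confirming that path bounds `src_x` / `src_y` against the surface dimensions in the same way.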