From 375f9352d280d8630aa7b504391517e44511d1a0 Mon Sep 17 00:00:00 2001
From: hovercraft-github <hovercraft@yandex.ru>
Date: Mon, 6 Feb 2017 16:21:24 +0800
Subject: [PATCH] Fixes #196 : Add EEPROM address boundary checks for
 read/write operations

---
 simavr/sim/avr_eeprom.c | 32 ++++++++++++++++++--------------
 1 file changed, 18 insertions(+), 14 deletions(-)

diff --git a/simavr/sim/avr_eeprom.c b/simavr/sim/avr_eeprom.c
index 376cec8..c348f3f 100644
--- a/simavr/sim/avr_eeprom.c
+++ b/simavr/sim/avr_eeprom.c
@@ -51,27 +51,31 @@ static void avr_eeprom_write(avr_t * avr, avr_io_addr_t addr, uint8_t v, void *
 		avr_cycle_timer_register(avr, 4, avr_eempe_clear, p);
 	}
 
+	uint16_t ee_addr;
+	if (p->r_eearh)
+		ee_addr = avr->data[p->r_eearl] | (avr->data[p->r_eearh] << 8);
+	else
+		ee_addr = avr->data[p->r_eearl];
+	if (((eempe && avr_regbit_get(avr, p->eepe)) || avr_regbit_get(avr, p->eere)) &&
+			ee_addr >= p->size) {
+		AVR_LOG(avr, LOG_ERROR, "EEPROM: *** %s address out of bounds: %04x > %04x,"
+								" wrapping to %04x (PC=%04x)\n",
+				eempe ? "Write" : "Read",
+				ee_addr, p->size-1, ee_addr & (p->size-1),
+				avr->pc);
+		ee_addr = ee_addr & (p->size-1);
+	}
 	if (eempe && avr_regbit_get(avr, p->eepe)) {	// write operation
-		uint16_t addr;
-		if (p->r_eearh)
-			addr = avr->data[p->r_eearl] | (avr->data[p->r_eearh] << 8);
-		else
-			addr = avr->data[p->r_eearl];
-	//	printf("eeprom write %04x <- %02x\n", addr, avr->data[p->r_eedr]);
-		p->eeprom[addr] = avr->data[p->r_eedr];	
+		//	printf("eeprom write %04x <- %02x\n", addr, avr->data[p->r_eedr]);
+		p->eeprom[ee_addr] = avr->data[p->r_eedr];
 		// Automatically clears that bit (?)
 		avr_regbit_clear(avr, p->eempe);
 
 		avr_cycle_timer_register_usec(avr, 3400, avr_eei_raise, p); // 3.4ms here
 	}
 	if (avr_regbit_get(avr, p->eere)) {	// read operation
-		uint16_t addr;
-		if (p->r_eearh)
-			addr = avr->data[p->r_eearl] | (avr->data[p->r_eearh] << 8);
-		else
-			addr = avr->data[p->r_eearl];
-		avr->data[p->r_eedr] = p->eeprom[addr];
-	//	printf("eeprom read %04x : %02x\n", addr, p->eeprom[addr]);
+		avr->data[p->r_eedr] = p->eeprom[ee_addr];
+		//	printf("eeprom read %04x : %02x\n", addr, p->eeprom[addr]);
 	}
 
 	// autocleared
-- 
2.39.5