From e130ec64a787241f45d3ea6fb6c0d288259d6d3e Mon Sep 17 00:00:00 2001
From: sum2012 <consignpo@gmail.com>
Date: Tue, 22 Oct 2013 20:57:07 +0800
Subject: [PATCH] Fix DmacMemcpy and sceDmacTryMemcpy by @unknownbrackets

Fix Ikki Tousen - Eloquent Fist crash
---
 Core/HLE/sceDmac.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/Core/HLE/sceDmac.cpp b/Core/HLE/sceDmac.cpp
index 1706bdf609..5d9d8d3022 100644
--- a/Core/HLE/sceDmac.cpp
+++ b/Core/HLE/sceDmac.cpp
@@ -67,7 +67,10 @@ u32 sceDmacMemcpy(u32 dst, u32 src, u32 size) {
 		ERROR_LOG(HLE, "sceDmacMemcpy(dest=%08x, src=%08x, size=%i): invalid address", dst, src, size);
 		return SCE_KERNEL_ERROR_INVALID_POINTER;
 	}
-
+	if (dst + size >= 0x80000000 || src + size >= 0x80000000) {
+		ERROR_LOG(HLE, "sceDmacMemcpy(dest=%08x, src=%08x, size=%i): illegal size", dst, src, size);
+		return 0x80000023;
+	}
 	if (dmacMemcpyDeadline > CoreTiming::GetTicks()) {
 		WARN_LOG_REPORT(HLE, "sceDmacMemcpy(dest=%08x, src=%08x, size=%i): overlapping read", dst, src, size);
 		// TODO: Should block, seems like copy doesn't start until previous finishes.
@@ -88,6 +91,10 @@ u32 sceDmacTryMemcpy(u32 dst, u32 src, u32 size) {
 		ERROR_LOG(HLE, "sceDmacTryMemcpy(dest=%08x, src=%08x, size=%i): invalid address", dst, src, size);
 		return SCE_KERNEL_ERROR_INVALID_POINTER;
 	}
+	if (dst + size >= 0x80000000 || src + size >= 0x80000000) {
+		ERROR_LOG(HLE, "sceDmacTryMemcpy(dest=%08x, src=%08x, size=%i): illegal size", dst, src, size);
+		return 0x80000023;
+	}
 
 	if (dmacMemcpyDeadline > CoreTiming::GetTicks()) {
 		DEBUG_LOG(HLE, "sceDmacTryMemcpy(dest=%08x, src=%08x, size=%i): busy", dst, src, size);