From fe63a15e22444863cbb77b707178c44b668fc18f Mon Sep 17 00:00:00 2001
From: Henrik Rydgard <hrydgard@gmail.com>
Date: Sun, 4 Jan 2015 22:52:58 +0100
Subject: [PATCH] x86jit fpu regcache: Add extra invariant check for too-large
 mips register numbers

---
 Core/MIPS/x86/RegCacheFPU.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Core/MIPS/x86/RegCacheFPU.cpp b/Core/MIPS/x86/RegCacheFPU.cpp
index 8a35bb0e8a..f17878dedb 100644
--- a/Core/MIPS/x86/RegCacheFPU.cpp
+++ b/Core/MIPS/x86/RegCacheFPU.cpp
@@ -615,6 +615,8 @@ static int MMShuffleSwapTo0(int lane) {
 
 void FPURegCache::StoreFromRegister(int i) {
 	_assert_msg_(JIT, !regs[i].location.IsImm(), "WTF - FPURegCache::StoreFromRegister - it's an imm");
+	_assert_msg_(JIT, i >= 0 && i < NUM_MIPS_FPRS, "WTF - FPURegCache::StoreFromRegister - invalid mipsreg %i PC=%08x", i, js_->compilerPC);
+
 	if (regs[i].away) {
 		X64Reg xr = regs[i].location.GetSimpleReg();
 		_assert_msg_(JIT, xr >= 0 && xr < NUM_X_FPREGS, "WTF - FPURegCache::StoreFromRegister - invalid reg: x %i (mr: %i). PC=%08x", (int)xr, i, js_->compilerPC);
@@ -944,6 +946,9 @@ int FPURegCache::SanityCheck() const {
 				hasMoreRegs = false;
 				continue;
 			}
+			if (xr.mipsRegs[j] >= NUM_MIPS_FPRS) {
+				return 13;
+			}
 			// We can't have a hole in the middle / front.
 			if (!hasMoreRegs)
 				return 9;