From 1de37306a521a3ee22f1f6703fa9c2f8169dcacb Mon Sep 17 00:00:00 2001
From: liamwhite <liamwhite@users.noreply.github.com>
Date: Tue, 27 Feb 2024 09:39:11 -0500
Subject: [PATCH] buffer_cache: avoid overflow in usage tracker (#13166)

---
 src/video_core/buffer_cache/usage_tracker.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/video_core/buffer_cache/usage_tracker.h b/src/video_core/buffer_cache/usage_tracker.h
index 5f8688d318..ae511ccb69 100644
--- a/src/video_core/buffer_cache/usage_tracker.h
+++ b/src/video_core/buffer_cache/usage_tracker.h
@@ -26,6 +26,9 @@ public:
     void Track(u64 offset, u64 size) noexcept {
         const size_t page = offset >> PAGE_SHIFT;
         const size_t page_end = (offset + size) >> PAGE_SHIFT;
+        if (page_end < page || page_end >= pages.size()) {
+            return;
+        }
         TrackPage(page, offset, size);
         if (page == page_end) {
             return;
@@ -41,6 +44,9 @@ public:
     [[nodiscard]] bool IsUsed(u64 offset, u64 size) const noexcept {
         const size_t page = offset >> PAGE_SHIFT;
         const size_t page_end = (offset + size) >> PAGE_SHIFT;
+        if (page_end < page || page_end >= pages.size()) {
+            return false;
+        }
         if (IsPageUsed(page, offset, size)) {
             return true;
         }