The previous fix for #174 was buggy

snesrev · snesrev · commit 366da3c3d266 · 2023-03-08T22:29:59.000+01:00
diff --git a/player.c b/player.c
@@ -3556,7 +3556,8 @@ void Link_APress_LiftCarryThrow() {  // 87b1ca
   } else {
     static const uint8 kLiftTab0[10] = { 8, 24, 8, 24, 8, 32, 6, 8, 13, 13 };
     static const uint8 kLiftTab1[10] = { 0, 1, 0, 1, 0, 1, 0, 1, 2, 3 };
-    static const uint8 kLiftTab2[] = { 6, 7, 7, 5 };
+    static const uint8 kLiftTab2[29] = { 6, 7, 7, 5, 10, 0, 23, 0, 18, 0, 18, 0, 8, 0, 8, 0, 254, 255, 17, 0, 
+        0x54, 0x52, 0x50, 0xFF, 0x51, 0x53, 0x55, 0x56, 0x57 };
 
     if (player_handler_timer != 0) {
       if (player_handler_timer + 1 != 9) {
@@ -3576,7 +3577,7 @@ void Link_APress_LiftCarryThrow() {  // 87b1ca
       }
     } else {
       // fix OOB read triggered when lifting for too long
-      if (some_animation_timer_steps >= 3)
+      if (some_animation_timer_steps >= sizeof(kLiftTab2) - 1)
         return;
       some_animation_timer = kLiftTab2[++some_animation_timer_steps];
       assert(some_animation_timer_steps < arraysize(kLiftTab2));
diff --git a/snes/cpu.c b/snes/cpu.c
@@ -741,7 +741,7 @@ static void cpu_doOpcode(Cpu* cpu, uint8_t opcode) {
       uint32_t addr = (cpu->k << 16) | cpu->pc;
       switch (addr - 1) {
       case 0x7B269:  // Link_APress_LiftCarryThrow reads OOB
-        if ((cpu->x & 0xff) >= 3)
+        if ((cpu->x & 0xff) >= 28)
           cpu->pc = 0xB280; // RTS
         opcode = 0xE8;
         goto RESTART;
