From 0fce753d93e436981b1a021719ea630c727d2765 Mon Sep 17 00:00:00 2001
From: TheLastRar <TheLastRar@users.noreply.github.com>
Date: Wed, 27 Nov 2024 17:57:42 +0000
Subject: [PATCH 1/2] SaveState: Bounds check FreezeMem loads

---
 pcsx2/SaveState.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pcsx2/SaveState.cpp b/pcsx2/SaveState.cpp
index 36bb2eec5c62e..e8917a9e2639b 100644
--- a/pcsx2/SaveState.cpp
+++ b/pcsx2/SaveState.cpp
@@ -315,6 +315,9 @@ memLoadingState::memLoadingState(const VmStateBuffer& load_from)
 // Loading of state data from a memory buffer...
 void memLoadingState::FreezeMem( void* data, int size )
 {
+	if (m_idx + size > m_memory.size())
+		m_error = true;
+
 	if (m_error)
 	{
 		std::memset(data, 0, size);

From 1e78842aa25a07efbf195304247233cb69337697 Mon Sep 17 00:00:00 2001
From: TheLastRar <TheLastRar@users.noreply.github.com>
Date: Wed, 27 Nov 2024 18:09:52 +0000
Subject: [PATCH 2/2] [SAVEVERSION+] HostFS: Always write savestate tag

---
 pcsx2/IopBios.cpp | 14 +++++++-------
 pcsx2/SaveState.h |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/pcsx2/IopBios.cpp b/pcsx2/IopBios.cpp
index ee81e9f6db767..2c8617cb7f490 100644
--- a/pcsx2/IopBios.cpp
+++ b/pcsx2/IopBios.cpp
@@ -1423,19 +1423,19 @@ namespace R3000A
 
 bool SaveStateBase::handleFreeze()
 {
-	if (!EmuConfig.HostFs) //if hostfs isn't enabled, skip loading/saving file handles
-		return IsOkay();
-
-	if (IsLoading())
-		R3000A::ioman::reset();
-
 	if (!FreezeTag("hostHandles"))
 		return false;
 
+	if (EmuConfig.HostFs && IsLoading())
+		R3000A::ioman::reset();
+
 	const int firstfd = R3000A::ioman::firstfd;
-	size_t handleCount = R3000A::handles.size();
+	size_t handleCount = EmuConfig.HostFs ? R3000A::handles.size() : 0;
 	Freeze(handleCount);
 
+	if (!EmuConfig.HostFs) //if hostfs isn't enabled, skip loading/saving file handles
+		return IsOkay();
+
 	for (size_t i = 0; i < handleCount; i++)
 	{
 		if (IsLoading())
diff --git a/pcsx2/SaveState.h b/pcsx2/SaveState.h
index c86215af7accd..81c31fa35da8d 100644
--- a/pcsx2/SaveState.h
+++ b/pcsx2/SaveState.h
@@ -25,7 +25,7 @@ enum class FreezeAction
 // [SAVEVERSION+]
 // This informs the auto updater that the users savestates will be invalidated.
 
-static const u32 g_SaveVersion = (0x9A50 << 16) | 0x0000;
+static const u32 g_SaveVersion = (0x9A51 << 16) | 0x0000;
 
 
 // the freezing data between submodules and core