From 4f4c9594ac77c74ef63a8b4208343ddf06669797 Mon Sep 17 00:00:00 2001
From: Exzap <13877693+Exzap@users.noreply.github.com>
Date: Sun, 22 Jun 2025 22:17:29 +0200
Subject: [PATCH] GX2: Fix command buffer padding writing out of bounds
---
 src/Cafe/OS/libs/gx2/GX2_Command.cpp | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/Cafe/OS/libs/gx2/GX2_Command.cpp b/src/Cafe/OS/libs/gx2/GX2_Command.cpp
index 6699e1e1..d12bf210 100644
--- a/src/Cafe/OS/libs/gx2/GX2_Command.cpp
+++ b/src/Cafe/OS/libs/gx2/GX2_Command.cpp
@@ -144,6 +144,11 @@ namespace GX2
 void GX2Command_StartNewCommandBuffer(uint32 numU32s)
 {
+ // On submission command buffers are padded to 32 byte alignment
+ // but nowhere is it guaranteed that internal command buffers have their size aligned to 32 byte (even on console, but testing is required)
+ // Thus the padding can write out of bounds but this seems to trigger only very rarely in partice. As a workaround we always pad the command buffer size to 32 bytes here
+ numU32s = (numU32s + 7) & ~0x7;
+
 uint32 coreIndex = coreinit::OSGetCoreId();
 auto& coreCBState = s_perCoreCBState[coreIndex];
 numU32s = std::max(numU32s, 0x100);
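Review bot: The round-up `numU32s = (numU32s + 7) & ~0x7;` wraps for any request above 0xFFFFFFF8, so such a value becomes 0 and is then raised to 0x100 by the `std::max` line, leaving a buffer far smaller than the caller asked for. Whether a guest-controlled size can reach this function is not visible in the hunk, but a check before the rounding, such as `if (numU32s > UINT32_MAX - 7) { /* reject the request */ }`, would close that path. The workaround also only covers buffers sized through this function, and the padding code at submission, which is outside this hunk, presumably still writes without checking remaining capacity, so a bounds assertion there would catch any buffer that arrives unaligned by another route. In the new comment, "partice" should read "practice". The body of GX2Command_StartNewCommandBuffer continues past the end of the hunk.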