From 247904f0198fc386bd29f0eb9b09f2eb19c2e7aa Mon Sep 17 00:00:00 2001
From: Martin Michelsen <fuzziqersoftware+g@gmail.com>
Date: Thu, 3 Nov 2022 00:40:51 -0700
Subject: [PATCH] fix bounds on ep3 patch handler code copy

---
 system/ppc/Episode3USAQuestBufferOverflow.s | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/system/ppc/Episode3USAQuestBufferOverflow.s b/system/ppc/Episode3USAQuestBufferOverflow.s
index e6cb1c94..82fa01b5 100644
--- a/system/ppc/Episode3USAQuestBufferOverflow.s
+++ b/system/ppc/Episode3USAQuestBufferOverflow.s
@@ -262,11 +262,11 @@ get_handle_B2_end_ptr:
   # Copy handle_B2 to 8000BD80, which is normally unused by the game
   lis     r12, 0x8000
   ori     r12, r12, 0xBD80 # r12 = 0x8000BD80
-  subi    r8, r12, 4 # r8 = r12 - 4 (so we can use stwu)
-  subi    r9, r9, 4 # r9 = r9 - 4 (so we can use lwzu)
   sub     r7, r10, r9
   rlwinm  r7, r7, 30, 2, 31 # r7 = number of words to copy
   mtctr   r7
+  subi    r8, r12, 4 # r8 = r12 - 4 (so we can use stwu)
+  subi    r9, r9, 4 # r9 = r9 - 4 (so we can use lwzu)
 copy_handle_B2_word_again:
   lwzu    r0, [r9 + 4]
   stwu    [r8 + 4], r0