add asserts to prevent array overflow or nullpointer access

src/emu/sound/upd7759.c

@@ -594,7 +594,8 @@ static DEVICE_RESET( upd7759 )
 
 static void upd7759_postload(upd7759_state *chip)
 {
-	chip->rom = chip->rombase + chip->romoffset;
+	if (chip->rombase)
+		chip->rom = chip->rombase + chip->romoffset;
 }
 
 
@@ -654,8 +655,10 @@ static DEVICE_START( upd7759 )
 	/* compute the ROM base or allocate a timer */
 	chip->romoffset = 0;
 	chip->rom = chip->rombase = *device->region();
-	if (chip->rom == NULL)
+	if (chip->rombase == NULL)
 		chip->timer = device->machine().scheduler().timer_alloc(FUNC(upd7759_slave_update), chip);
+	else
+		assert((device->region()->bytes() & 0x1ffff) == 0);
 
 	/* set the DRQ callback */
 	chip->drqcallback = intf->drqcallback;
@@ -736,6 +739,7 @@ int upd7759_busy_r(device_t *device)
 void upd7759_set_bank_base(device_t *device, UINT32 base)
 {
 	upd7759_state *chip = get_safe_token(device);
+	assert(chip->rombase != NULL);
 	chip->rom = chip->rombase + base;
 	chip->romoffset = base;
 }

src/mame/drivers/homerun.c

@@ -361,7 +361,7 @@ ROM_START( homerun )
 	ROM_REGION( 0x20000, "gfx2", 0 )
 	ROM_LOAD( "homerun.ic120",  0x00000, 0x20000, CRC(52f0709b) SHA1(19e675bcccadb774f60ec5929fc1fb5cf0d3f617) )
 
-	ROM_REGION( 0x08000, "d7756c", ROMREGION_ERASE00 )
+	ROM_REGION( 0x20000, "d7756c", ROMREGION_ERASE00 )
 	ROM_LOAD( "d7756c.ic98",    0x00000, 0x08000, NO_DUMP ) /* D7756C built-in rom */
 ROM_END
 
@@ -377,7 +377,7 @@ ROM_START( dynashot )
 	ROM_REGION( 0x20000, "gfx2", 0 )
 	ROM_LOAD( "2.ic120",        0x00000, 0x20000, CRC(bedf7b98) SHA1(cb6c5fcaf8df5f5c7636c3c8f79b9dda78e30c2e) )
 
-	ROM_REGION( 0x08000, "d7756c", ROMREGION_ERASE00 )
+	ROM_REGION( 0x20000, "d7756c", ROMREGION_ERASE00 )
 	ROM_LOAD( "d7756c.ic98",    0x00000, 0x08000, NO_DUMP ) /* D7756C built-in rom */
 ROM_END
 
@@ -393,7 +393,7 @@ ROM_START( ganjaja )
 	ROM_REGION( 0x20000, "gfx2", 0 )
 	ROM_LOAD( "2.ic120",        0x00000, 0x20000, CRC(e65d4d57) SHA1(2ec9e5bdaa94b808573313b6eca657d798004b53) )
 
-	ROM_REGION( 0x08000, "d7756c", 0 )
+	ROM_REGION( 0x20000, "d7756c", ROMREGION_ERASE00 )
 	ROM_LOAD( "d77p56cr.ic98",  0x00000, 0x08000, CRC(06a234ac) SHA1(b4ceff3f9f78551cf4a085642e162e33b266f067) ) /* D77P56CR OTP rom (One-Time Programmable, note the extra P) */
 ROM_END
 

src/mame/drivers/snk68.c

@@ -665,7 +665,7 @@ ROM_START( pow )
 	ROM_LOAD16_BYTE( "snk880.22a", 0x1c0000, 0x20000, CRC(aa9c00d8) SHA1(1017ed1cc036c6084b71204a998fd05557a6e59f) )
 	ROM_LOAD16_BYTE( "snk880.26a", 0x1c0001, 0x20000, CRC(9bc261c5) SHA1(f07fef465191d48ccc149d1a62e6382d3fc0ef9f) )
 
-	ROM_REGION( 0x10000, "upd", 0 )	/* UPD7759 samples */
+	ROM_REGION( 0x20000, "upd", ROMREGION_ERASE00 )	/* UPD7759 samples */
 	ROM_LOAD( "dg7.d20",  0x000000, 0x10000, CRC(aba9a9d3) SHA1(5098cd3a064b8ede24797de8879a277d79e79d75) )
 
 	ROM_REGION( 0x0100, "plds", 0 )
@@ -702,7 +702,7 @@ ROM_START( powj )
 	ROM_LOAD16_BYTE( "snk880.22a", 0x1c0000, 0x20000, CRC(aa9c00d8) SHA1(1017ed1cc036c6084b71204a998fd05557a6e59f) )
 	ROM_LOAD16_BYTE( "snk880.26a", 0x1c0001, 0x20000, CRC(9bc261c5) SHA1(f07fef465191d48ccc149d1a62e6382d3fc0ef9f) )
 
-	ROM_REGION( 0x10000, "upd", 0 )	/* UPD7759 samples */
+	ROM_REGION( 0x20000, "upd", ROMREGION_ERASE00 )	/* UPD7759 samples */
 	ROM_LOAD( "dg7.d20",  0x000000, 0x10000, CRC(aba9a9d3) SHA1(5098cd3a064b8ede24797de8879a277d79e79d75) )
 
 	ROM_REGION( 0x0100, "plds", 0 )