From 6f114d0da54e9797f61acec741ab0e4aacac1321 Mon Sep 17 00:00:00 2001
From: Gabriel Ravier
Date: Tue, 17 Mar 2020 15:31:02 +0100
Subject: [PATCH 1/3] Bullet, Caret, NpcAct1{2,4,8}0, TextScr: Add a note about some overflow bugs

---
 src/Bullet.cpp | 2 ++
 src/Caret.cpp | 8 ++++++++
 src/NpcAct120.cpp | 6 ++++++
 src/NpcAct140.cpp | 1 +
 src/NpcAct180.cpp | 1 +
 src/TextScr.cpp | 7 ++++---
 6 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/src/Bullet.cpp b/src/Bullet.cpp
index 668ec61f..1431e578 100644
--- a/src/Bullet.cpp
+++ b/src/Bullet.cpp
@@ -1642,6 +1642,8 @@ void ActBullet_Edge(BULLET *bul)
 {96, 88, 120, 112},
 };

+ // Note that 'bul->ani_no' can exceed the size of 'rcLeft' and 'rcRight'
+
 if (bul->direct == 0)
 bul->rect = rcLeft[bul->ani_no];
 else
diff --git a/src/Caret.cpp b/src/Caret.cpp
index 3cc27dde..1463b789 100644
--- a/src/Caret.cpp
+++ b/src/Caret.cpp
@@ -76,6 +76,8 @@ void ActCaret01(CARET *crt)
 crt->cond = 0;
 }

+ // Note that 'crt->ani_no' can exceed the size of 'rcLeft' and 'rcRight'
+
 if (crt->direct == 0)
 crt->rect = rcLeft[crt->ani_no];
 else
@@ -244,6 +246,8 @@ void ActCaret07(CARET *crt)
 crt->cond = 0;
 }

+ // Note that 'crt->ani_no' can exceed the size of rcLeft
+
 crt->rect = rcLeft[crt->ani_no];

 switch (crt->direct)
@@ -446,6 +450,8 @@ void ActCaret14(CARET *crt)
 crt->cond = 0;
 }

+ // Note that 'crt->ani_no' can exceed the size of 'rect'
+
 crt->rect = rect[crt->ani_no];
 }

@@ -466,6 +472,8 @@ void ActCaret15(CARET *crt)
 crt->cond = 0;
 }

+ // Note that 'crt->ani_no' can exceed the size of 'rcLeft'
+
 crt->rect = rcLeft[crt->ani_no];
 }

diff --git a/src/NpcAct120.cpp b/src/NpcAct120.cpp
index 1e0516e5..68e37bf5 100644
--- a/src/NpcAct120.cpp
+++ b/src/NpcAct120.cpp
@@ -588,6 +588,8 @@ void ActNpc127(NPCHAR *npc)
 npc->cond = 0;
 }

+ // Note that 'npc->ani_no' can exceed the size of 'rcH' and 'rcV'
+
 if (npc->direct == 0)
 npc->rect = rcH[npc->ani_no];
 else
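Review bot: The new comments in Bullet.cpp and Caret.cpp record that `ani_no` can index past the end of the rect arrays, but say neither what that means nor whether it is meant to stay; reading outside an array is undefined behaviour in C++, so the resulting rect is unpredictable rather than merely wrong. Presumably the indexing is kept to match the original game's behaviour; if so, the note should say so, e.g. `// Note that 'bul->ani_no' can exceed the size of 'rcLeft' and 'rcRight' (out-of-bounds read, undefined behaviour; kept to match the original)`. The ActNpc128 hunk in NpcAct120.cpp shows the mechanism — `if (++npc->ani_no > 4)` only clears `cond`, and the rect lookup below it still runs with the overflowed index on that frame — so where accuracy is not required a one-line early-out such as `if (npc->ani_no > 4) return;` after the increment, or clamping the index, would remove the read. The same point applies to the remaining hunks in Caret.cpp, NpcAct120.cpp, NpcAct140.cpp and NpcAct180.cpp; every enclosing function starts outside its hunk.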
@@ -648,6 +650,8 @@ void ActNpc128(NPCHAR *npc)
 if (++npc->ani_no > 4)
 npc->cond = 0;

+ // Note that 'npc->ani_no' can exceed the bounds of 'rcLeft', 'rcUp', 'rcRight' and 'rcDown'
+
 switch (npc->direct)
 {
 case 0:
@@ -702,6 +706,8 @@ void ActNpc129(NPCHAR *npc)
 npc->y += npc->ym;

+ // Note that '(npc->direct * 3) + npc->ani_no' can exceed the size of 'rect'
+
 npc->rect = rect[(npc->direct * 3) + npc->ani_no];
 }

diff --git a/src/NpcAct140.cpp b/src/NpcAct140.cpp
index d2f71171..f186a992 100644
--- a/src/NpcAct140.cpp
+++ b/src/NpcAct140.cpp
@@ -758,6 +758,7 @@ void ActNpc146(NPCHAR *npc)
 break;
 }

+ // Note that 'npc->ani_no' can exceed the size of 'rect'
 npc->rect = rect[npc->ani_no];
 }

diff --git a/src/NpcAct180.cpp b/src/NpcAct180.cpp
index 8e3651c6..372b3563 100644
--- a/src/NpcAct180.cpp
+++ b/src/NpcAct180.cpp
@@ -1431,5 +1431,6 @@ void ActNpc199(NPCHAR *npc)
 npc->x += npc->xm;
 npc->y += npc->ym;

+ // Note that 'npc->ani_no' can exceed the size of 'rect'
 npc->rect = rect[npc->ani_no];
 }
diff --git a/src/TextScr.cpp b/src/TextScr.cpp
index 809ec0e5..e4d910be 100644
--- a/src/TextScr.cpp
+++ b/src/TextScr.cpp
@@ -33,6 +33,7 @@
 #include "Sound.h"
 #include "Stage.h"

+// This limits the size of a .tsc script to 0x5000 bytes (the game will crash above this)
 #define TSC_BUFFER_SIZE 0x5000

 #define TEXT_LEFT (WINDOW_WIDTH / 2 - 108)
@@ -136,7 +137,7 @@ BOOL LoadTextScript2(const char *name)
 if (fp == NULL)
 return FALSE;

- // Read data
+ // Read data. Note that gTS.size may exceed the size of 'gTS.data' (TSC_BUFFER_SIZE)
 fread(gTS.data, 1, gTS.size, fp);
 gTS.data[gTS.size] = 0;
 fclose(fp);
@@ -169,7 +170,7 @@ BOOL LoadTextScript_Stage(const char *name)
 if (fp == NULL)
 return FALSE;

- // Read Head.tsc
+ // Read Head.tsc. Note that head_size may exceed the size of 'gTS.data' (TSC_BUFFER_SIZE)
 fread(gTS.data, 1, head_size, fp);
 EncryptionBinaryData2((unsigned char*)gTS.data, head_size);
 gTS.data[head_size] = 0;
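Review bot: The note on the `fread` in LoadTextScript2 says gTS.size "may exceed" the size of `gTS.data`, but the terminator write `gTS.data[gTS.size] = 0;` on the next line lands one past the data read, so if `gTS.data` is exactly TSC_BUFFER_SIZE bytes (its declaration is not in the hunk) a script of exactly TSC_BUFFER_SIZE bytes overflows as well; the note should say "reach or exceed". The script file is external input and neither the size nor the `fread` return value is checked here, so the guard a reader will look for is `if (gTS.size >= TSC_BUFFER_SIZE) { fclose(fp); return FALSE; }` before the read, or a comment stating why it is deliberately absent. The comment added at `#define TSC_BUFFER_SIZE` says the game "will crash" above the limit, but overrunning a fixed buffer is undefined behaviour and may instead silently corrupt whatever follows `gTS.data`, so `// Scripts larger than this overflow gTS.data (undefined behaviour)` is the accurate wording. The same applies to the Head.tsc read in LoadTextScript_Stage and to the body read in the following hunk, where the bound is head_size + body_size. The enclosing functions start outside their hunks.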
@@ -186,7 +187,7 @@ BOOL LoadTextScript_Stage(const char *name)
 if (fp == NULL)
 return FALSE;

- // Read stage's tsc
+ // Read stage's tsc. Note that head_size + body_size may exceed the size of 'gTS.data' (TSC_BUFFER_SIZE)
 fread(&gTS.data[head_size], 1, body_size, fp);
 EncryptionBinaryData2((unsigned char*)&gTS.data[head_size], body_size);
 gTS.data[head_size + body_size] = 0;

From fbf9332c9a7cb711927158805b3804908cafc304 Mon Sep 17 00:00:00 2001
From: Clownacy
Date: Sun, 5 Apr 2020 18:25:35 +0100
Subject: [PATCH 2/3] Fix compiler error with DEBUG_SAVE enabled

---
 src/Main.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Main.cpp b/src/Main.cpp
index 5719d734..6d9f1905 100644
--- a/src/Main.cpp
+++ b/src/Main.cpp
@@ -451,7 +451,7 @@ LRESULT CALLBACK WindowProcedure(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lPar
 case WM_CREATE:
 hMenu = GetMenu(hWnd);
 #ifdef DEBUG_SAVE
- if (!CheckFileExists("save")) // Chances are a line like this used to exist
+ if (!IsKeyFile("save")) // Chances are a line like this used to exist
 #endif
 DeleteMenu(hMenu, 40005, MF_BYCOMMAND);
 DrawMenuBar(hWnd);

From b41caad0b9f5f9be6a5e27b4f189259fa4ffeafc Mon Sep 17 00:00:00 2001
From: Clownacy
Date: Sun, 5 Apr 2020 18:29:46 +0100
Subject: [PATCH 3/3] Update function names in devilution-comparer file

---
 devilution/comparer-config.toml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/devilution/comparer-config.toml b/devilution/comparer-config.toml
index be08ece4..010b3f1d 100644
--- a/devilution/comparer-config.toml
+++ b/devilution/comparer-config.toml
@@ -372,7 +372,7 @@ name = "QuitDialog"
 addr = 0x40B290

 [[func]]
-name = "SetWindowPadding"
+name = "SetClientOffset"
 addr = 0x40B320

 [[func]]
@@ -698,23 +698,23 @@ name = "GetCompileVersion"
 addr = 0x410990

 [[func]]
-name = "OpenVolumeConfiguration"
+name = "OpenSoundVolume"
 addr = 0x410AB0

 [[func]]
-name = "DeleteDebugLog"
+name = "DeleteLog"
 addr = 0x410BC0

 [[func]]
-name = "PrintDebugLog"
+name = "WriteLog"
 addr = 0x410C10

 [[func]]
-name = "CheckTime"
+name = "GetDateLimit"
 addr = 0x410CA0

 [[func]]
-name = "CheckFileExists"
+name = "IsKeyFile"
 addr = 0x410D10

 [[func]]
@@ -722,7 +722,7 @@ name = "GetFileSizeLong"
 addr = 0x410D80

 [[func]]
-name = "PrintBitmapError"
+name = "ErrorLog"
 addr = 0x410DE0

 [[func]]
@@ -730,7 +730,7 @@ name = "IsShiftJIS"
 addr = 0x410E90

 [[func]]
-name = "CenterWindow"
+name = "CenteringWindowByParent"
 addr = 0x410EE0

 [[func]]
@@ -754,7 +754,7 @@ name = "ReleaseDirectInput"
 addr = 0x411E10

 [[func]]
-name = "SetDeviceAquire"
+name = "ActivateDirectInput"
 addr = 0x411E60
 size = 0x46