From a762f28837093b3972c3d26d94bbc2c71f96b27c Mon Sep 17 00:00:00 2001
From: Clownacy
Date: Sat, 1 Feb 2020 12:45:32 +0000
Subject: [PATCH] Note some out-of-bounds array accesses

Thanks, Gabe
---
 src/Caret.cpp | 12 ++++++++++++
 src/MycParam.cpp | 1 +
 2 files changed, 13 insertions(+)

diff --git a/src/Caret.cpp b/src/Caret.cpp
index 0e1c178c..3cc27dde 100644
--- a/src/Caret.cpp
+++ b/src/Caret.cpp
@@ -119,6 +119,8 @@ void ActCaret02(CARET *crt)
 if (crt->ani_no > 3)
 crt->cond = 0;
 
+ // Note that 'crt->ani_no' can exceed the size of 'rect_left'
+
 crt->rect = rect_left[crt->ani_no];
 break;
 
@@ -132,6 +134,8 @@ void ActCaret02(CARET *crt)
 if (crt->ani_no > 3)
 crt->cond = 0;
 
+ // Note that 'crt->ani_no' can exceed the size of 'rect_right'
+
 crt->rect = rect_right[crt->ani_no];
 break;
 
@@ -161,6 +165,8 @@ void ActCaret03(CARET *crt)
 crt->cond = 0;
 }
 
+ // Note that 'crt->ani_no' can exceed the size of 'rect'
+
 crt->rect = rect[crt->ani_no];
 }
 
@@ -213,6 +219,8 @@ void ActCaret05(CARET *crt)
 crt->x += 0x80;
 crt->y -= 0x80;
 
+ // Note that 'crt->ani_no' can exceed the size of 'rect'
+
 crt->rect = rect[crt->ani_no];
 }
 
@@ -352,6 +360,8 @@ void ActCaret11(CARET *crt)
 crt->cond = 0;
 }
 
+ // Note that 'crt->ani_no' can exceed the size of 'rcRight'
+
 crt->rect = rcRight[crt->ani_no];
 }
 
@@ -369,6 +379,8 @@ void ActCaret12(CARET *crt)
 crt->cond = 0;
 }
 
+ // Note that 'crt->ani_no' can exceed the size of 'rcLeft'
+
 crt->rect = rcLeft[crt->ani_no];
 }
 
diff --git a/src/MycParam.cpp b/src/MycParam.cpp
index a6328c23..07b99fa1 100644
--- a/src/MycParam.cpp
+++ b/src/MycParam.cpp
@@ -269,6 +269,7 @@ void PutArmsEnergy(BOOL flash)
 RECT rcExpMax = {40, 72, 80, 80};
 RECT rcExpFlash = {40, 80, 80, 88};
 
+ // Note that this can result in '-1', causing the following array accesses to be out-of-bounds
 int lv = gArmsData[gSelectedArms].level - 1;
 int arms_code = gArmsData[gSelectedArms].code;
 int exp_now = gArmsData[gSelectedArms].exp;
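Review bot: The new comment in the first Caret.cpp hunk records the out-of-bounds read but the read still happens on the same path: once `crt->ani_no` passes 3 the code clears `crt->cond` and then indexes `rect_left[crt->ani_no]` anyway, so the frame that retires the caret reads one entry past the table the comment says is too small. A minimal guard that keeps the rest of the logic intact is `if (crt->cond == 0) break;` placed before `crt->rect = rect_left[crt->ani_no];`; the rect_right hunk and the ActCaret03/ActCaret11/ActCaret12 hunks have the same clear-then-index shape and would take `return;` instead of `break;`, while the ActCaret05 hunk shows only the lookup and its bound check lies outside the hunk. If the decompilation deliberately preserves the original game's behaviour here, the comment should say so and state the visible consequence (the caret gets whatever memory follows the table as its rect for that frame), so a later reader neither silently "fixes" it nor assumes it is harmless. The enclosing functions start and end outside the hunks.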
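Review bot: The comment added in the MycParam.cpp hunk says "the following array accesses" without naming them, and those accesses are outside the hunk, so a reader of this file cannot tell which lookups are affected or how far `-1` reaches; it should name the arrays indexed by `lv` and, if known, the state in which `level` is 0. A guard at the point the comment marks would make the note unnecessary, e.g. `if (lv < 0) return;` right after `int lv = gArmsData[gSelectedArms].level - 1;` if nothing should be drawn for such a weapon, or clamping to 0 if something should — which of the two matches the original behaviour is not visible here and should be confirmed before choosing. PutArmsEnergy starts and ends outside the hunk.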