

ref: 6f114d0da54e9797f61acec741ab0e4aacac1321
parent: 7fe29e6ac55804b1d53842d2b9b3de4d30af99ec
author: Gabriel Ravier <gabravier@gmail.com>
date: Tue Mar 17 11:31:02 EDT 2020

Bullet, Caret, NpcAct1{2,4,8}0, TextScr: Add a note about some overflow bugs

--- a/src/Bullet.cpp
+++ b/src/Bullet.cpp
@@ -1642,6 +1642,8 @@
 		{96, 88, 120, 112},
 	};
 
+	// Note that 'bul->ani_no' can exceed the size of 'rcLeft' and 'rcRight'
+
 	if (bul->direct == 0)
 		bul->rect = rcLeft[bul->ani_no];
 	else
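Review bot: The added note names the out-of-bounds index but not its consequence or why it is being kept, so a reader cannot tell whether `rcLeft[bul->ani_no]` on the next line is a known-fidelity quirk or an open bug; reading past the end of `rcLeft`/`rcRight` is undefined behaviour, not merely a wrong frame. If the intent is to preserve the original game's behaviour, say so in the comment, e.g. `// Note that 'bul->ani_no' can exceed the size of 'rcLeft' and 'rcRight' (out-of-bounds read, kept to match the original game)`; if not, a guard such as `if (bul->ani_no < (int)(sizeof rcLeft / sizeof rcLeft[0]))` around the lookup is the minimal fix, assuming `rcLeft` is a local array as the initializer above suggests. The same applies to the equivalent notes added in Caret.cpp (all four hunks), NpcAct120.cpp (all three, including the `(npc->direct * 3) + npc->ani_no` index), NpcAct140.cpp and NpcAct180.cpp, where the condition that lets `ani_no` run past the table is presumably the `++ani_no > N` animation step visible in several of those hunks. The enclosing function in this hunk begins before and ends after the hunk.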
--- a/src/Caret.cpp
+++ b/src/Caret.cpp
@@ -76,6 +76,8 @@
 			crt->cond = 0;
 	}
 
+	// Note that 'crt->ani_no' can exceed the size of 'rcLeft' and 'rcRight'
+
 	if (crt->direct == 0)
 		crt->rect = rcLeft[crt->ani_no];
 	else
@@ -244,6 +246,8 @@
 			crt->cond = 0;
 	}
 
+	// Note that 'crt->ani_no' can exceed the size of rcLeft
+
 	crt->rect = rcLeft[crt->ani_no];
 
 	switch (crt->direct)
@@ -446,6 +450,8 @@
 			crt->cond = 0;
 	}
 
+	// Note that 'crt->ani_no' can exceed the size of 'rect'
+
 	crt->rect = rect[crt->ani_no];
 }
 
@@ -465,6 +471,8 @@
 		if (++crt->ani_no > 3)
 			crt->cond = 0;
 	}
+
+	// Note that 'crt->ani_no' can exceed the size of 'rcLeft'
 
 	crt->rect = rcLeft[crt->ani_no];
 }
--- a/src/NpcAct120.cpp
+++ b/src/NpcAct120.cpp
@@ -588,6 +588,8 @@
 			npc->cond = 0;
 	}
 
+	// Note that 'npc->ani_no' can exceed the size of 'rcH' and 'rcV'
+
 	if (npc->direct == 0)
 		npc->rect = rcH[npc->ani_no];
 	else
@@ -648,6 +650,8 @@
 	if (++npc->ani_no > 4)
 		npc->cond = 0;
 
+	// Note that 'npc->ani_no' can exceed the bounds of 'rcLeft', 'rcUp', 'rcRight' and 'rcDown'
+
 	switch (npc->direct)
 	{
 		case 0:
@@ -701,6 +705,8 @@
 	}
 
 	npc->y += npc->ym;
+
+	// Note that '(npc->direct * 3) + npc->ani_no' can exceed the size of 'rect'
 
 	npc->rect = rect[(npc->direct * 3) + npc->ani_no];
 }
--- a/src/NpcAct140.cpp
+++ b/src/NpcAct140.cpp
@@ -758,6 +758,7 @@
 			break;
 	}
 
+	// Note that 'npc->ani_no' can exceed the size of 'rect'
 	npc->rect = rect[npc->ani_no];
 }
 
--- a/src/NpcAct180.cpp
+++ b/src/NpcAct180.cpp
@@ -1431,5 +1431,6 @@
 	npc->x += npc->xm;
 	npc->y += npc->ym;
 
+	// Note that 'npc->ani_no' can exceed the size of 'rect'
 	npc->rect = rect[npc->ani_no];
 }
--- a/src/TextScr.cpp
+++ b/src/TextScr.cpp
@@ -33,6 +33,7 @@
 #include "Sound.h"
 #include "Stage.h"
 
+// This limits the size of a .tsc script to 0x5000 bytes (the game will crash above this)
 #define TSC_BUFFER_SIZE 0x5000
 
 #define TEXT_LEFT (WINDOW_WIDTH / 2 - 108)
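Review bot: The new comment on `TSC_BUFFER_SIZE` overstates the limit and understates the failure mode: the read routines later in this file write a terminating `gTS.data[size] = 0` after the data, so a script of exactly 0x5000 bytes already writes one byte past a buffer of `TSC_BUFFER_SIZE` elements, and the result of that write is undefined rather than a guaranteed crash (it may silently corrupt adjacent memory). Suggest `// Buffer size for .tsc scripts; a script must be strictly smaller than this (a NUL terminator is appended) or the read overruns gTS.data (undefined behaviour)`. Whether `gTS.data` is declared with exactly `TSC_BUFFER_SIZE` elements is not visible in this hunk and is inferred from the comments added further down.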
@@ -136,7 +137,7 @@
 	if (fp == NULL)
 		return FALSE;
 
-	// Read data
+	// Read data. Note that gTS.size may exceed the size of 'gTS.data' (TSC_BUFFER_SIZE)
 	fread(gTS.data, 1, gTS.size, fp);
 	gTS.data[gTS.size] = 0;
 	fclose(fp);
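Review bot: The note now documents an out-of-bounds write from file-controlled length, but the code still performs it: `fread(gTS.data, 1, gTS.size, fp)` and `gTS.data[gTS.size] = 0` are executed with no comparison of `gTS.size` against `TSC_BUFFER_SIZE`, and because of the terminator the overrun starts at `gTS.size == TSC_BUFFER_SIZE`, not only above it. A reject-before-read check keeps the function's `FALSE` contract: `if (gTS.size >= TSC_BUFFER_SIZE) { fclose(fp); return FALSE; }` placed before the `fread`. The `fread` return value is also unchecked, so a short read leaves stale bytes between the returned count and the terminator. The two following hunks in this file (`head_size` and `head_size + body_size`) have the same shape and need the same bound, with the second checking the sum; where `gTS.size`, `head_size` and `body_size` come from is outside these hunks, as is the start of each enclosing function.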
@@ -169,7 +170,7 @@
 	if (fp == NULL)
 		return FALSE;
 
-	// Read Head.tsc
+	// Read Head.tsc. Note that head_size may exceed the size of 'gTS.data' (TSC_BUFFER_SIZE)
 	fread(gTS.data, 1, head_size, fp);
 	EncryptionBinaryData2((unsigned char*)gTS.data, head_size);
 	gTS.data[head_size] = 0;
@@ -186,7 +187,7 @@
 	if (fp == NULL)
 		return FALSE;
 
-	// Read stage's tsc
+	// Read stage's tsc. Note that head_size + body_size may exceed the size of 'gTS.data' (TSC_BUFFER_SIZE)
 	fread(&gTS.data[head_size], 1, body_size, fp);
 	EncryptionBinaryData2((unsigned char*)&gTS.data[head_size], body_size);
 	gTS.data[head_size + body_size] = 0;