atiran/sovereignx
3
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix Trainer Hill OOB array access (#5930)

Browse source 
Co-authored-by: sbird <sbird@no.tld>
This commit is contained in:
Philipp AUER 2025-01-02 10:41:46 +01:00 committed by GitHub
parent 107984e273
commit 36c8332cd3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 15 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
src/trainer_hill.c
View file

@ -212,6 +212,14 @@ static const struct TrainerHillChallenge *const sChallengeData[NUM_TRAINER_HILL_
[HILL_MODE_EXPERT] = &sChallenge_Expert,
};
static const struct TrainerHillFloor *const sFloorData[NUM_TRAINER_HILL_MODES] =
{
[HILL_MODE_NORMAL] = &sFloors_Normal[0],
[HILL_MODE_VARIETY] = &sFloors_Variety[0],
[HILL_MODE_UNIQUE] = &sFloors_Unique[0],
[HILL_MODE_EXPERT] = &sFloors_Expert[0],
};
// Unused.
static const u8 *const sFloorStrings[] =
{
@ -357,20 +365,14 @@ void FreeTrainerHillBattleStruct(void)
static void SetUpDataStruct(void)
{
#if FREE_TRAINER_HILL == FALSE
if (sHillData == NULL)
{
sHillData = AllocZeroed(sizeof(*sHillData));
sHillData->floorId = gMapHeader.mapLayoutId - LAYOUT_TRAINER_HILL_1F;
if (sHillData != NULL) return;
// This copy depends on the floor data for each challenge being directly after the
// challenge header data, and for the field 'floors' in sHillData to come directly
// after the field 'challenge'.
// e.g. for HILL_MODE_NORMAL, it will copy sChallenge_Normal to sHillData->challenge and
// it will copy sFloors_Normal to sHillData->floors
CpuCopy32(sChallengeData[gSaveBlock1Ptr->trainerHill.mode], &sHillData->challenge, sizeof(sHillData->challenge) + sizeof(sHillData->floors));
TrainerHillDummy();
}
#endif //FREE_TRAINER_HILL
sHillData = AllocZeroed(sizeof(*sHillData));
sHillData->floorId = gMapHeader.mapLayoutId - LAYOUT_TRAINER_HILL_1F;
CpuCopy32(sChallengeData[gSaveBlock1Ptr->trainerHill.mode], &sHillData->challenge, sizeof(sHillData->challenge));
CpuCopy32(sFloorData[gSaveBlock1Ptr->trainerHill.mode], &sHillData->floors, sizeof(sHillData->floors));
#endif // FREE_TRAINER_HILL
}
static void FreeDataStruct(void)