Merge pull request #6094 from janisozaur/track-design

Track design from #5931 now costs 7 274 money to build, instead of -214 740.60. Also prevents reading memory out of bounds at the end of the TD6 buffer.
2017-08-05 17:14:36 +01:00 · 2017-08-05 17:14:36 +01:00 · 4db0ceaccd
parent 2dc87469fd 754666d4e9
commit 4db0ceaccd
5 changed files with 14 additions and 11 deletions
--- a/src/openrct2/object.h
+++ b/src/openrct2/object.h
@ -65,7 +65,10 @@ typedef enum
 * size: 0x10
 */
 typedef struct rct_object_entry {
-    uint32 flags;
+    union {
+        uint8 end_flag; // needed not to read past allocated buffer.
+        uint32 flags;
+    };
    char name[8];
    uint32 checksum;
 } rct_object_entry;
--- a/src/openrct2/object/SceneryObject.h
+++ b/src/openrct2/object/SceneryObject.h
@ -21,7 +21,7 @@
 class SceneryObject : public Object
 {
 private:
-    rct_object_entry    _primarySceneryGroupEntry = { 0 };
+    rct_object_entry    _primarySceneryGroupEntry = { };

 public:
    explicit SceneryObject(const rct_object_entry &entry) : Object(entry) { }
--- a/src/openrct2/ride/track_design.c
+++ b/src/openrct2/ride/track_design.c
@ -365,7 +365,7 @@ static void track_design_load_scenery_objects(rct_track_td6 *td6)

    // Load scenery objects
    rct_td6_scenery_element *scenery = td6->scenery_elements;
-    for (; (scenery->scenery_object.flags & 0xFF) != 0xFF; scenery++) {
+    for (; scenery->scenery_object.end_flag != 0xFF; scenery++) {
        rct_object_entry * sceneryEntry = &scenery->scenery_object;
        object_manager_load_object(sceneryEntry);
    }
@ -378,7 +378,7 @@ static void track_design_load_scenery_objects(rct_track_td6 *td6)
 static void track_design_mirror_scenery(rct_track_td6 *td6)
 {
    rct_td6_scenery_element *scenery = td6->scenery_elements;
-    for (; (scenery->scenery_object.flags & 0xFF) != 0xFF; scenery++) {
+    for (; scenery->scenery_object.end_flag != 0xFF; scenery++) {
        uint8 entry_type, entry_index;
        if (!find_object_in_entry_group(&scenery->scenery_object, &entry_type, &entry_index)) {
            entry_type = scenery->scenery_object.flags & 0xF;
@ -558,7 +558,7 @@ static void track_design_update_max_min_coordinates(sint16 x, sint16 y, sint16 z
 static sint32 track_design_place_scenery(rct_td6_scenery_element *scenery_start, uint8 rideIndex, sint32 originX, sint32 originY, sint32 originZ)
 {
    for (uint8 mode = 0; mode <= 1; mode++) {
-        if ((scenery_start->scenery_object.flags & 0xFF) != 0xFF) {
+        if (scenery_start->scenery_object.end_flag != 0xFF) {
            _trackDesignPlaceStateHasScenery = true;
        }

@ -566,7 +566,7 @@ static sint32 track_design_place_scenery(rct_td6_scenery_element *scenery_start,
            continue;
        }

-        for (rct_td6_scenery_element *scenery = scenery_start; (scenery->scenery_object.flags & 0xFF) != 0xFF; scenery++) {
+        for (rct_td6_scenery_element *scenery = scenery_start; scenery->scenery_object.end_flag != 0xFF; scenery++) {
            uint8 rotation = _currentTrackPieceDirection;
            rct_xy8 tile = { .x = originX / 32, .y = originY / 32 };
            switch (rotation & 3){
@ -895,7 +895,7 @@ static sint32 track_design_place_scenery(rct_td6_scenery_element *scenery_start,
                    continue;
                    break;
                }
-                _trackDesignPlaceCost += cost;
+                add_clamp_money32(_trackDesignPlaceCost, cost);
                if (_trackDesignPlaceOperation != PTD_OPERATION_2) {
                    if (cost == MONEY32_UNDEFINED){
                        _trackDesignPlaceCost = MONEY32_UNDEFINED;
@ -1131,7 +1131,7 @@ static bool track_design_place_ride(rct_track_td6 *td6, sint16 x, sint16 y, sint
            sint16 tempZ = z - trackCoordinates->z_begin;
            uint32 edi =
                ((track->flags & 0x0F) << 17) |
-                ((track->flags & 0x0F) << 28) |
+                ((uint32)(track->flags & 0x0F) << 28) |
                (((track->flags >> 4) & 0x03) << 24) |
                (tempZ & 0xFFFF);

--- a/src/openrct2/ride/track_design_save.c
+++ b/src/openrct2/ride/track_design_save.c
@ -1159,7 +1159,7 @@ static size_t track_design_get_scenery_elements_count(rct_track_td6 *td6)
    size_t count = 0;
    rct_td6_scenery_element *sceneryElement = td6->scenery_elements;
    if (sceneryElement != NULL) {
-        while ((sceneryElement->scenery_object.flags & 0xFF) != 0xFF) {
+        while (sceneryElement->scenery_object.end_flag != 0xFF) {
            count++;
            sceneryElement++;
        }
--- a/src/openrct2/windows/track_place.c
+++ b/src/openrct2/windows/track_place.c
@ -488,8 +488,8 @@ static void window_track_place_draw_mini_preview(rct_track_td6 *td6)
    for (sint32 pass = 0; pass < 2; pass++) {
        rct_xy16 origin = { 0, 0 };
        if (pass == 1) {
-            origin.x -= ((max.x + min.x) >> 6) << 5;
-            origin.y -= ((max.y + min.y) >> 6) << 5;
+            origin.x -= ((max.x + min.x) >> 6) * 32;
+            origin.y -= ((max.y + min.y) >> 6) * 32;
        }

        if (td6->type == RIDE_TYPE_MAZE) {