Validate parameters passed to game commands (#4814)

Michał Janiszewski 2016-11-21 10:37:10 +01:00 committed by GitHub
parent 09d2f9417e
commit aef80b1a82
5 changed files with 27 additions and 8 deletions


@ -1990,8 +1990,12 @@ bool peep_pickup_place(rct_peep* peep, int x, int y, int z, bool apply)
return true; return true;
} }
bool peep_pickup_command(int peepnum, int x, int y, int z, int action, bool apply) bool peep_pickup_command(unsigned int peepnum, int x, int y, int z, int action, bool apply)
{ {
if (peepnum >= MAX_SPRITES) {
log_error("Failed to pick up peep for sprite %d", peepnum);
return false;
}
rct_peep* peep = GET_PEEP(peepnum); rct_peep* peep = GET_PEEP(peepnum);
if (!peep || peep->sprite_identifier != SPRITE_IDENTIFIER_PEEP) { if (!peep || peep->sprite_identifier != SPRITE_IDENTIFIER_PEEP) {
return false; return false;
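Review bot: The added `log_error` call in `peep_pickup_command` formats `peepnum` with `%d`, although this commit changes the parameter to `unsigned int`. A negative index sent by a client arrives as a large unsigned value, which is exactly the case this branch logs, and `%d` would print it as a misleading number. Use `log_error("Failed to pick up peep for sprite %u", peepnum);`, matching the `%u` used in the balloon command's message. The function body continues past the end of the hunk.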


@ -655,7 +655,7 @@ int peep_has_food(rct_peep* peep);
void peep_pickup(rct_peep* peep); void peep_pickup(rct_peep* peep);
void peep_pickup_abort(rct_peep* peep, int old_x); void peep_pickup_abort(rct_peep* peep, int old_x);
bool peep_pickup_place(rct_peep* peep, int x, int y, int z, bool apply); bool peep_pickup_place(rct_peep* peep, int x, int y, int z, bool apply);
bool peep_pickup_command(int peepnum, int x, int y, int z, int action, bool apply); bool peep_pickup_command(unsigned int peepnum, int x, int y, int z, int action, bool apply);
void game_command_pickup_guest(int* eax, int* ebx, int* ecx, int* edx, int* esi, int* edi, int* ebp); void game_command_pickup_guest(int* eax, int* ebx, int* ecx, int* edx, int* esi, int* edi, int* ebp);
void peep_sprite_remove(rct_peep* peep); void peep_sprite_remove(rct_peep* peep);
void peep_remove(rct_peep* peep); void peep_remove(rct_peep* peep);


@ -65,7 +65,12 @@ void game_command_update_staff_colour(int *eax, int *ebx, int *ecx, int *edx, in
colour = (*edx >> 8) & 0xFF; colour = (*edx >> 8) & 0xFF;
if (*ebx & GAME_COMMAND_FLAG_APPLY) { if (*ebx & GAME_COMMAND_FLAG_APPLY) {
staff_set_colour(staffType, colour); // Client may send invalid data
bool ok = staff_set_colour(staffType, colour);
if (!ok) {
*ebx = MONEY32_UNDEFINED;
return;
}
FOR_ALL_PEEPS(spriteIndex, peep) { FOR_ALL_PEEPS(spriteIndex, peep) {
if (peep->type == PEEP_TYPE_STAFF && peep->staff_type == staffType) { if (peep->type == PEEP_TYPE_STAFF && peep->staff_type == staffType) {
@ -384,6 +389,11 @@ void game_command_set_staff_order(int *eax, int *ebx, int *ecx, int *edx, int *e
if(order_id & 0x80){ // change costume if(order_id & 0x80){ // change costume
uint8 sprite_type = order_id & ~0x80; uint8 sprite_type = order_id & ~0x80;
sprite_type += 4; sprite_type += 4;
if (sprite_type > countof(peep_slow_walking_types)) {
log_error("Invalid change costume order for sprite_type %u", sprite_type);
*ebx = MONEY32_UNDEFINED;
return;
}
peep->sprite_type = sprite_type; peep->sprite_type = sprite_type;
peep->peep_flags &= ~PEEP_FLAGS_SLOW_WALK; peep->peep_flags &= ~PEEP_FLAGS_SLOW_WALK;
if(peep_slow_walking_types[sprite_type]){ if(peep_slow_walking_types[sprite_type]){
@ -1380,7 +1390,7 @@ colour_t staff_get_colour(uint8 staffType)
} }
} }
void staff_set_colour(uint8 staffType, colour_t value) bool staff_set_colour(uint8 staffType, colour_t value)
{ {
switch (staffType) { switch (staffType) {
case STAFF_TYPE_HANDYMAN: case STAFF_TYPE_HANDYMAN:
@ -1393,7 +1403,7 @@ void staff_set_colour(uint8 staffType, colour_t value)
gStaffSecurityColour = value; gStaffSecurityColour = value;
break; break;
default: default:
assert(false); return false;
break;
} }
return true;
} }
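Review bot: The costume check added in `game_command_set_staff_order` is off by one: `sprite_type > countof(peep_slow_walking_types)` accepts `sprite_type == countof(peep_slow_walking_types)`. That value is then stored in `peep->sprite_type` and used as an index in `peep_slow_walking_types[sprite_type]` a few lines below, one element past the end of the array. Since `order_id` presumably comes from the command arguments (the commit itself notes that a client may send invalid data), the comparison should be `if (sprite_type >= countof(peep_slow_walking_types)) {`. Whether every index below the array size is also a valid staff costume cannot be seen from this hunk, so a tighter upper bound may be appropriate.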


@ -87,6 +87,6 @@ bool staff_is_patrol_area_set(int staffIndex, int x, int y);
void staff_set_patrol_area(int staffIndex, int x, int y, bool value); void staff_set_patrol_area(int staffIndex, int x, int y, bool value);
void staff_toggle_patrol_area(int staffIndex, int x, int y); void staff_toggle_patrol_area(int staffIndex, int x, int y);
colour_t staff_get_colour(uint8 staffType); colour_t staff_get_colour(uint8 staffType);
void staff_set_colour(uint8 staffType, colour_t value); bool staff_set_colour(uint8 staffType, colour_t value);
#endif #endif


@ -102,12 +102,17 @@ static void balloon_press(rct_balloon *balloon)
void game_command_balloon_press(int* eax, int* ebx, int* ecx, int* edx, int* esi, int* edi, int* ebp) void game_command_balloon_press(int* eax, int* ebx, int* ecx, int* edx, int* esi, int* edi, int* ebp)
{ {
int balloon_num = *eax; unsigned int balloon_num = *eax;
int flags = *ebx; int flags = *ebx;
*ebx = 0; *ebx = 0;
if (!(flags & GAME_COMMAND_FLAG_APPLY)) { if (!(flags & GAME_COMMAND_FLAG_APPLY)) {
return; return;
} }
if (balloon_num >= MAX_SPRITES) {
log_error("Tried getting invalid sprite for balloon: %u", balloon_num);
*ebx = MONEY32_UNDEFINED;
return;
}
rct_sprite* sprite = get_sprite(balloon_num); rct_sprite* sprite = get_sprite(balloon_num);
if (!sprite) { if (!sprite) {
return; return;
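Review bot: The new range check on `balloon_num` in `game_command_balloon_press` runs only after the early return for commands without `GAME_COMMAND_FLAG_APPLY`, so a query with an out-of-range index still leaves `*ebx = 0` while the apply pass reports `MONEY32_UNDEFINED`. Moving the `if (balloon_num >= MAX_SPRITES)` block above the flag test would make both passes agree. The unchanged `if (!sprite) { return; }` path also returns with `*ebx = 0`; setting `*ebx = MONEY32_UNDEFINED;` there would keep failure reporting consistent. The function continues beyond the hunk, so whether the sprite is confirmed to be a balloon before it is used cannot be checked here.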