Guard all cases obj.getteleporter() is used unchecked

obj.getteleporter() is able to return -1. If there's no check on it, it will end up indexing out-of-bounds, which is Undefined Behavior.
2024-06-24 13:38:29 +02:00 · 2020-06-12 19:31:08 -07:00 · 2020-06-12 19:31:08 -07:00 · 08e47e839f
commit 08e47e839f
parent 3b76713441
3 changed files with 57 additions and 21 deletions
--- a/desktop_version/src/Game.cpp
+++ b/desktop_version/src/Game.cpp
@ -2157,6 +2157,7 @@ void Game::updatestate()
            music.playef(10);
            break;
        case 2502:
+        {
            //Activating a teleporter 2
            state++;
            statedelay = 5;
@ -2165,17 +2166,25 @@ void Game::updatestate()
            obj.entities[i].colour = 0;
            obj.entities[i].invis = false;

-            obj.entities[i].xp = obj.entities[obj.getteleporter()].xp+44;
-            obj.entities[i].yp = obj.entities[obj.getteleporter()].yp+44;
+            int j = obj.getteleporter();
+            if (j > -1)
+            {
+                obj.entities[i].xp = obj.entities[j].xp+44;
+                obj.entities[i].yp = obj.entities[j].yp+44;
+            }
            obj.entities[i].ay = -6;
            obj.entities[i].ax = 6;
            obj.entities[i].vy = -6;
            obj.entities[i].vx = 6;

            i = obj.getteleporter();
-            obj.entities[i].tile = 1;
-            obj.entities[i].colour = 101;
+            if (i > -1)
+            {
+                obj.entities[i].tile = 1;
+                obj.entities[i].colour = 101;
+            }
            break;
+        }
        case 2503:
            state++;
            i = obj.getplayer();
@ -2316,8 +2325,11 @@ void Game::updatestate()
            }

            i = obj.getteleporter();
-            obj.entities[i].tile = 1;
-            obj.entities[i].colour = 100;
+            if (i > -1)
+            {
+                obj.entities[i].tile = 1;
+                obj.entities[i].colour = 100;
+            }
            break;

        case 3006:
@ -3517,8 +3529,11 @@ void Game::updatestate()
            }
            i = obj.getteleporter();
            activetele = true;
-            teleblock.x = obj.entities[i].xp - 32;
-            teleblock.y = obj.entities[i].yp - 32;
+            if (i > -1)
+            {
+                teleblock.x = obj.entities[i].xp - 32;
+                teleblock.y = obj.entities[i].yp - 32;
+            }
            teleblock.w = 160;
            teleblock.h = 160;
            hascontrol = true;
--- a/desktop_version/src/Input.cpp
+++ b/desktop_version/src/Input.cpp
@ -1608,8 +1608,11 @@ void gameinput()
                                obj.entities[player].colour = 102;

                                int teleporter = obj.getteleporter();
-                                obj.entities[teleporter].tile = 6;
-                                obj.entities[teleporter].colour = 102;
+                                if (teleporter > -1)
+                                {
+                                    obj.entities[teleporter].tile = 6;
+                                    obj.entities[teleporter].colour = 102;
+                                }
                                //which teleporter script do we use? it depends on the companion!
                                game.state = 4000;
                                game.statedelay = 0;
@ -1641,8 +1644,11 @@ void gameinput()
                                if(companion>-1) obj.entities[companion].colour = 102;

                                int teleporter = obj.getteleporter();
-                                obj.entities[teleporter].tile = 6;
-                                obj.entities[teleporter].colour = 102;
+                                if (teleporter > -1)
+                                {
+                                    obj.entities[teleporter].tile = 6;
+                                    obj.entities[teleporter].colour = 102;
+                                }
                                //which teleporter script do we use? it depends on the companion!
                                game.state = 3000;
                                game.statedelay = 0;
@ -2113,8 +2119,11 @@ void teleporterinput()
                obj.entities[i].colour = 102;

                i = obj.getteleporter();
-                obj.entities[i].tile = 6;
-                obj.entities[i].colour = 102;
+                if (i > -1)
+                {
+                    obj.entities[i].tile = 6;
+                    obj.entities[i].colour = 102;
+                }
                //which teleporter script do we use? it depends on the companion!
                game.state = 4000;
                game.statedelay = 0;
--- a/desktop_version/src/Script.cpp
+++ b/desktop_version/src/Script.cpp
@ -1097,8 +1097,11 @@ void scriptclass::run()
 			else if (words[0] == "activateteleporter")
 			{
 				i = obj.getteleporter();
-				obj.entities[i].tile = 6;
-				obj.entities[i].colour = 102;
+				if (i > -1)
+				{
+					obj.entities[i].tile = 6;
+					obj.entities[i].colour = 102;
+				}
 			}
 			else if (words[0] == "changecolour")
 			{
@ -1835,7 +1838,10 @@ void scriptclass::run()
 			else if (words[0] == "activeteleporter")
 			{
 				i = obj.getteleporter();
-				obj.entities[i].colour = 101;
+				if (i > -1)
+				{
+					obj.entities[i].colour = 101;
+				}
 			}
 			else if (words[0] == "foundtrinket")
 			{
@ -3290,12 +3296,18 @@ void scriptclass::teleport()
 	game.gravitycontrol = 0;
 	map.gotoroom(100+game.teleport_to_x, 100+game.teleport_to_y);
 	j = obj.getteleporter();
-	obj.entities[j].state = 2;
+	if (j > -1)
+	{
+		obj.entities[j].state = 2;
+	}
 	game.teleport_to_new_area = false;

-	game.savepoint = obj.entities[j].para;
-	game.savex = obj.entities[j].xp + 44;
-	game.savey = obj.entities[j].yp + 44;
+	if (j > -1)
+	{
+		game.savepoint = obj.entities[j].para;
+		game.savex = obj.entities[j].xp + 44;
+		game.savey = obj.entities[j].yp + 44;
+	}
 	game.savegc = 0;

 	game.saverx = game.roomx;