
OOB error in AddFlash when cast by shrine #1500

Closed
AJenbo opened this issue Apr 12, 2021 · 1 comment · Fixed by #1502

Comments

AJenbo (Member) commented Apr 12, 2021

To Reproduce
Steps to reproduce the behavior:

  1. Play Hellfire
  2. Find a Sparkling Shrine
  3. Use it
  4. See error

Additional context

/home/ajenbo/code/diablo/devilutionX/Source/missiles.cpp:2518:34: runtime error: index -1 out of bounds for type 'MonsterStruct [200]'
=================================================================
==25143==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55eebcb5414c at pc 0x55eebb172823 bp 0x7fffbaa90c40 sp 0x7fffbaa90c30
READ of size 1 at 0x55eebcb5414c thread T0
    #0 0x55eebb172822 in devilution::AddFlash(int, int, int, int, int, int, signed char, int, int) /home/ajenbo/code/diablo/devilutionX/Source/missiles.cpp:2518
    #1 0x55eebb1a3ef4 in devilution::AddMissile(int, int, int, int, int, int, signed char, int, int, int) /home/ajenbo/code/diablo/devilutionX/Source/missiles.cpp:3426
    #2 0x55eebb40715b in devilution::OperateShrineSparkling(int, int, int) /home/ajenbo/code/diablo/devilutionX/Source/objects.cpp:4232
    #3 0x55eebb40a365 in devilution::OperateShrine(int, int, devilution::_sfx_id) /home/ajenbo/code/diablo/devilutionX/Source/objects.cpp:4486
AJenbo (Member, Author) commented Apr 12, 2021

The offending code:

		missile[mi]._midam = monster[id].mLevel << 1;

This will cause flash to do some completely random amount of damage. Instead, it should be current dungeon level / 2.
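The read described above and in the commit message below, as an added example that is not devilutionX's own code: it models the quoted line, which indexes the monster array with whatever source id the missile carries, and a bounds-checked form that falls back to the damage rule the comment gives (current dungeon level / 2) when the caster is not a monster. The array size 200 comes from the sanitizer report; the struct layout, the `-1` "no monster" sentinel, the `currlevel` global, the sample level values and the function names are assumptions made for illustration.

```cpp
#include <cassert>

// Added example (not devilutionX code). MAXMONSTERS = 200 matches the
// 'MonsterStruct [200]' type in the sanitizer report; everything else below
// is an assumption chosen to illustrate the bug and its guard.
constexpr int MAXMONSTERS = 200;
constexpr int kNoMonster = -1; // assumed sentinel: caster is a shrine/trap, not a monster

struct MonsterStruct {
    signed char mLevel; // only the field the offending line reads
};

// Constructed sample state: monster 0 is level 10, the player is on dungeon level 7.
MonsterStruct monster[MAXMONSTERS] = { { 10 } };
int currlevel = 7; // assumed global holding the current dungeon level

// Mirrors the line quoted in the issue: trusts `id` blindly. With id == -1 this
// reads the byte just before `monster`, which AddressSanitizer reports as a
// global-buffer-overflow; whatever happens to sit there becomes the damage.
int FlashDamageUnchecked(int id)
{
    return monster[id].mLevel << 1;
}

// Index validation that should precede any monster[] access.
bool IsValidMonsterId(int id)
{
    return id >= 0 && id < MAXMONSTERS;
}

// Hardened form: only indexes the array for a valid monster id and otherwise
// applies the rule stated in the issue, current dungeon level / 2.
int FlashDamage(int id)
{
    if (IsValidMonsterId(id))
        return monster[id].mLevel << 1;
    return currlevel / 2;
}

int main()
{
    assert(FlashDamage(0) == 20);          // monster caster: level 10 << 1
    assert(FlashDamage(kNoMonster) == 3);  // shrine caster: 7 / 2, no array read
    return 0;
}
```

The guard is the whole fix: every caller that can pass a non-monster source id (shrines and traps here) must be prevented from reaching `monster[id]`, and under a sanitizer build the unchecked path is caught immediately rather than silently producing damage from adjacent memory.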

@qndel qndel changed the title OOB error in AddFalsh when cast by shrine OOB error in AddFlash when cast by shrine Apr 12, 2021
AJenbo added a commit that referenced this issue Apr 12, 2021
If cast by traps flash would look in memory a bit before the monster
array for what value to use as damage, no one knows what might have been
there waiting so could deal anything from -254 to 254 damage.

Fixes #1500