increased numplate and car dirt code safety (null entries properly now, don't allow for a buffer overrun in strcpy_s)

2024-11-22 05:22:32 +01:00 · 2017-04-09 23:17:31 +02:00 · 2017-04-09 23:17:31 +02:00 · 6e470ab20d
commit 6e470ab20d
parent 98055b9f3f
4 changed files with 25 additions and 12 deletions
--- a/SilentPatchSA/ModelInfoSA.cpp
+++ b/SilentPatchSA/ModelInfoSA.cpp
@ -22,7 +22,7 @@ void CVehicleModelInfo::Shutdown()

 void CVehicleModelInfo::FindEditableMaterialList()
 {
-	int materialCount = 0;
+	size_t materialCount = 0;

 	auto GetEditableMaterialListCB = [&]( RpAtomic* atomic ) -> RpAtomic* {
 		RpGeometryForAllMaterials( RpAtomicGetGeometry(atomic), [&]( RpMaterial* material ) -> RpMaterial* {
@ -44,11 +44,8 @@ void CVehicleModelInfo::FindEditableMaterialList()

 	RpClumpForAllAtomics(reinterpret_cast<RpClump*>(pRwObject), GetEditableMaterialListCB);

-	if ( m_pVehicleStruct->m_nNumExtras > 0 )
-	{
-		for ( int i = 0; i < m_pVehicleStruct->m_nNumExtras; i++ )
-			GetEditableMaterialListCB(m_pVehicleStruct->m_apExtras[i]);
-	}
+	for ( uint32_t i = 0; i < m_pVehicleStruct->m_nNumExtras; i++ )
+		GetEditableMaterialListCB(m_pVehicleStruct->m_apExtras[i]);

 	m_nPrimaryColor = -1;
 	m_nSecondaryColor = -1;
--- a/SilentPatchSA/ModelInfoSA.h
+++ b/SilentPatchSA/ModelInfoSA.h
@ -225,8 +225,10 @@ public:
 class NOVMT CVehicleModelInfo : public CClumpModelInfo
 {
 public:
+	static const size_t		PLATE_TEXT_LEN = 8;
+
 	RpMaterial**			m_apPlateMaterials;		// Changed in SilentPatchh
-	char					m_plateText[8];
+	char					m_plateText[PLATE_TEXT_LEN];
 	char					field_30;
 	signed char				m_nPlateType;
 	char					m_nGameName[8];
@ -261,7 +263,7 @@ public:
 		CVector				m_avDummyPosn[15];
 		UpgradePosnDesc		m_aUpgrades[18];
 		RpAtomic*			m_apExtras[6];
-		unsigned char		m_nNumExtras;
+		uint8_t				m_nNumExtras;
 		unsigned int		m_dwMaskComponentsDamagable;
 	}						*m_pVehicleStruct;

--- a/SilentPatchSA/SilentPatchSA.cpp
+++ b/SilentPatchSA/SilentPatchSA.cpp
@ -1115,6 +1115,15 @@ bool __stdcall CheckDoubleRWheelsList( void* modelInfo, uint8_t* handlingData )
 	return lastResult;
 }

+CVehicleModelInfo* (__thiscall *orgVehicleModelInfoCtor)(CVehicleModelInfo*);
+CVehicleModelInfo* __fastcall VehicleModelInfoCtor(CVehicleModelInfo* me)
+{
+	orgVehicleModelInfoCtor(me);
+	me->m_apPlateMaterials = nullptr;
+	std::fill( std::begin(me->m_apDirtMaterials), std::end(me->m_apDirtMaterials), nullptr );
+	return me;
+}
+
 #pragma warning(push)
 #pragma warning(disable:4838)
 #include <xnamath.h>
@ -3249,6 +3258,11 @@ void Patch_SA_10()
 	InjectHook( 0x4C9239+2, CheckDoubleRWheelsList, PATCH_CALL );
 	Patch<uint16_t>( 0x4C9239+7, 0xC084 );
 	Nop( 0x4C9239+9, 1 );
+
+
+	// Properly initialize all CVehicleModelInfo fields
+	ReadCall( 0x4C75E4, orgVehicleModelInfoCtor );
+	InjectHook( 0x4C75E4, VehicleModelInfoCtor );
 }

 void Patch_SA_11()
--- a/SilentPatchSA/VehicleSA.cpp
+++ b/SilentPatchSA/VehicleSA.cpp
@ -97,16 +97,16 @@ void CVehicle::SetComponentAtomicAlpha(RpAtomic* pAtomic, int nAlpha)

 bool CVehicle::CustomCarPlate_TextureCreate(CVehicleModelInfo* pModelInfo)
 {
-	char		PlateText[10];
+	char		PlateText[CVehicleModelInfo::PLATE_TEXT_LEN+1];
 	const char*	pOverrideText = pModelInfo->GetCustomCarPlateText();

 	if ( pOverrideText )
-		strcpy_s(PlateText, pOverrideText);
+		strncpy_s(PlateText, pOverrideText, CVehicleModelInfo::PLATE_TEXT_LEN);
 	else
-		CCustomCarPlateMgr::GeneratePlateText(PlateText, 8);
+		CCustomCarPlateMgr::GeneratePlateText(PlateText, CVehicleModelInfo::PLATE_TEXT_LEN);

+	PlateText[CVehicleModelInfo::PLATE_TEXT_LEN] = '\0';
 	PlateTexture = CCustomCarPlateMgr::CreatePlateTexture(PlateText, pModelInfo->m_nPlateType);
-	//PlateDesign = pModelInfo->m_nPlateType != -1 ? pModelInfo->m_nPlateType : CCustomCarPlateMgr::GetMapRegionPlateDesign();
 	if ( pModelInfo->m_nPlateType != -1 )
 		PlateDesign = pModelInfo->m_nPlateType;
 	else if ( IsLawEnforcementVehicle() )