-
Notifications
You must be signed in to change notification settings - Fork 616
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OoBs memory access bug in FileChoose_LoadGame #1130
Comments
To reword this issue: Consider this block of code oot/src/overlays/gamestates/ovl_file_choose/z_file_choose.c Lines 1505 to 1515 in 185c9cb
it is in function
This function runs also when a newly created file is loaded, at which point the current b button item is not a sword (it's "no item"). so this condition passes and the block executes then oot/src/overlays/gamestates/ovl_file_choose/z_file_choose.c Lines 1511 to 1512 in 185c9cb
then on
the right hand side expands to (gBitFlags[swordEquipValue - 1] << gEquipShifts[EQUIP_TYPE_SWORD]) which uses gBitFlags[-1]
and that's an OOB access which apparently turns out to be fine (must load a 0 I guess) |
https://github.com/zeldaret/oot/blob/master/src/overlays/gamestates/ovl_file_choose/z_file_choose.c#L1501
If swordEquipMask is 0, an out of bounds memory access will occur. This naturally happens when loading a new game, as the player's B button isn't assigned to a sword item, and gSaveContext.equips.equipment's sword bits are 0. The only reason odd behavior doesn't occur on N64 is that the data at index -1 is either a null pointer or padding, effectively becoming a no op
The text was updated successfully, but these errors were encountered: