From 76271c21186376c5ec018f48cf96fbe2a9790ec5 Mon Sep 17 00:00:00 2001
From: "U-DESKTOP-F0TJMO2\\Utilisateur"
Date: Mon, 20 Nov 2023 19:45:09 +0100
Subject: [PATCH] Fix fire piranha plant out of bounds read when behavior params > 0x00010000

---
 src/game/behaviors/fire_piranha_plant.inc.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/src/game/behaviors/fire_piranha_plant.inc.c b/src/game/behaviors/fire_piranha_plant.inc.c
index adfee164..f94381de 100644
--- a/src/game/behaviors/fire_piranha_plant.inc.c
+++ b/src/game/behaviors/fire_piranha_plant.inc.c
@@ -10,11 +10,6 @@ struct ObjectHitbox sFirePiranhaPlantHitbox = {
 /* hurtboxHeight: */ 150,
 };
 
-f32 D_80331B5C[] = {
- 0.5f,
- 2.0f,
-};
-
 struct ObjectHitbox sPiranhaPlantFireHitbox = {
 /* interactType: */ INTERACT_FLAME,
 /* downOffset: */ 10,
@@ -30,11 +25,15 @@ struct ObjectHitbox sPiranhaPlantFireHitbox = {
 s32 sNumActiveFirePiranhaPlants;
 s32 sNumKilledFirePiranhaPlants;
 
+inline static u8 is_giant_fire_piranha_plant() {
+ return (o->oBehParams & 0x00FF0000) != 0;
+}
+
 void bhv_fire_piranha_plant_init(void) {
- o->oFirePiranhaPlantNeutralScale = D_80331B5C[(u16)(o->oBehParams >> 16)];
+ o->oFirePiranhaPlantNeutralScale = (is_giant_fire_piranha_plant() ? 2.f : 0.5f);
 obj_set_hitbox(o, &sFirePiranhaPlantHitbox);
 
- if ((u16)(o->oBehParams >> 16) != 0) {
+ if (is_giant_fire_piranha_plant()) {
 o->oFlags |= 0x00004000;
 o->oHealth = 1;
 
@@ -72,7 +71,7 @@ static void fire_piranha_plant_act_hide(void) {
 sNumActiveFirePiranhaPlants -= 1;
 o->oFirePiranhaPlantActive = FALSE;
 
- if ((u16)(o->oBehParams >> 16) != 0 && o->oHealth == 0) {
+ if (is_giant_fire_piranha_plant() && o->oHealth == 0) {
 if (++sNumKilledFirePiranhaPlants == 5) {
 f32* starPos = gLevelValues.starPositions.BigPiranhasStarPos;
 spawn_default_star(starPos[0], starPos[1], starPos[2]);
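Review bot: The new helper's mask `0x00FF0000` tests only bits 16–23 of `oBehParams`, while the condition it replaces, `(u16)(o->oBehParams >> 16) != 0`, was true for any of bits 16–31. A value with only the top byte set now gets the 0.5f scale and skips the giant-only branches, both in `bhv_fire_piranha_plant_init` (second hunk) and in `fire_piranha_plant_act_hide` (third hunk). If that narrowing is intended, state it above the helper, e.g. `/* Giant variant: any non-zero second behavior-param byte. Used as a flag only, never as an index. */`. The definition should also read `static inline u8 is_giant_fire_piranha_plant(void)`, since an empty parameter list in C leaves call arguments unchecked and the neighbouring functions already use `(void)`. The body of `bhv_fire_piranha_plant_init` continues past the end of the hunk, so any later use of the behavior params there is not visible.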