From 97439fa55769bf83d00c632c6bacdd6edc87e607 Mon Sep 17 00:00:00 2001
From: Isaac0-dev <62234577+Isaac0-dev@users.noreply.github.com>
Date: Sat, 30 Nov 2024 07:30:57 +1000
Subject: [PATCH] fix a buffer overflow in smlua_text_utils
---
autogen/convert_functions.py | 2 +-
autogen/lua_definitions/functions.lua | 4 ----
docs/lua/functions-5.md | 18 ------------------
docs/lua/functions.md | 1 -
src/pc/lua/smlua_functions_autogen.c | 16 ----------------
src/pc/lua/utils/smlua_text_utils.c | 12 ++++++++++--
6 files changed, 11 insertions(+), 42 deletions(-)
diff --git a/autogen/convert_functions.py b/autogen/convert_functions.py
index 084aa84af..5e321d6b8 100644
--- a/autogen/convert_functions.py
+++ b/autogen/convert_functions.py
@@ -91,7 +91,7 @@ override_allowed_functions = {
override_disallowed_functions = {
"src/audio/external.h": [ " func_" ],
"src/engine/math_util.h": [ "atan2f", "vec3s_sub" ],
- "src/engine/surface_load.h": [ "alloc_surface_poools", "surface_has_force" ],
+ "src/engine/surface_load.h": [ "alloc_surface_pools" ],
"src/engine/surface_collision.h": [ " debug_", "f32_find_wall_collision" ],
"src/game/mario_actions_airborne.c": [ "^[us]32 act_.*" ],
"src/game/mario_actions_automatic.c": [ "^[us]32 act_.*" ],
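Review bot: The deny list fails open on a misspelled entry, as the `src/engine/surface_load.h` line shows. The old `alloc_surface_poools` matched nothing, and judging by the binding removed elsewhere in this patch, `alloc_surface_pools` was exposed to Lua scripts as a result. Nothing in this hunk makes the generator report an `override_disallowed_functions` entry that matches no function, so the next typo would go unnoticed in the same way; a warning for unmatched entries would catch it (the matching code is outside the hunk, so this is inferred). The same line also drops `surface_has_force` without explanation; if the reason is that the header no longer declares it, a comment such as `# surface_has_force was removed from surface_load.h` would show the entry was not un-denied by accident.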
diff --git a/autogen/lua_definitions/functions.lua b/autogen/lua_definitions/functions.lua
index e8a737f27..ab9ecac75 100644
--- a/autogen/lua_definitions/functions.lua
+++ b/autogen/lua_definitions/functions.lua
@@ -9181,10 +9181,6 @@ function find_water_level(x, z)
-- ...
end
-function alloc_surface_pools()
- -- ...
-end
-
function clear_dynamic_surfaces()
-- ...
end
diff --git a/docs/lua/functions-5.md b/docs/lua/functions-5.md
index 013dc5bd1..1b02cd93b 100644
--- a/docs/lua/functions-5.md
+++ b/docs/lua/functions-5.md
@@ -5192,24 +5192,6 @@
-## [alloc_surface_pools](#alloc_surface_pools)
-
-### Lua Example
-`alloc_surface_pools()`
-
-### Parameters
-- None
-
-### Returns
-- None
-
-### C Prototype
-`void alloc_surface_pools(void);`
-
-[:arrow_up_small:](#)
-
-
-
## [clear_dynamic_surfaces](#clear_dynamic_surfaces)
### Lua Example
diff --git a/docs/lua/functions.md b/docs/lua/functions.md
index 8e09775fc..065afaa74 100644
--- a/docs/lua/functions.md
+++ b/docs/lua/functions.md
@@ -1918,7 +1918,6 @@
- surface_load.h
- - [alloc_surface_pools](functions-5.md#alloc_surface_pools)
- [clear_dynamic_surfaces](functions-5.md#clear_dynamic_surfaces)
- [get_area_terrain_size](functions-5.md#get_area_terrain_size)
- [load_area_terrain](functions-5.md#load_area_terrain)
diff --git a/src/pc/lua/smlua_functions_autogen.c b/src/pc/lua/smlua_functions_autogen.c
index 49eb8fd67..8ee2d90ff 100644
--- a/src/pc/lua/smlua_functions_autogen.c
+++ b/src/pc/lua/smlua_functions_autogen.c
@@ -33288,21 +33288,6 @@ int smlua_func_find_water_level(lua_State* L) {
// surface_load.h //
////////////////////
-int smlua_func_alloc_surface_pools(UNUSED lua_State* L) {
- if (L == NULL) { return 0; }
-
- int top = lua_gettop(L);
- if (top != 0) {
- LOG_LUA_LINE("Improper param count for '%s': Expected %u, Received %u", "alloc_surface_pools", 0, top);
- return 0;
- }
-
-
- alloc_surface_pools();
-
- return 1;
-}
-
int smlua_func_clear_dynamic_surfaces(UNUSED lua_State* L) {
if (L == NULL) { return 0; }
@@ -35233,7 +35218,6 @@ void smlua_bind_functions_autogen(void) {
smlua_bind_function(L, "find_water_level", smlua_func_find_water_level);
// surface_load.h
- smlua_bind_function(L, "alloc_surface_pools", smlua_func_alloc_surface_pools);
smlua_bind_function(L, "clear_dynamic_surfaces", smlua_func_clear_dynamic_surfaces);
smlua_bind_function(L, "get_area_terrain_size", smlua_func_get_area_terrain_size);
smlua_bind_function(L, "load_area_terrain", smlua_func_load_area_terrain);
diff --git a/src/pc/lua/utils/smlua_text_utils.c b/src/pc/lua/utils/smlua_text_utils.c
index ea3363be7..c54325b8b 100644
--- a/src/pc/lua/utils/smlua_text_utils.c
+++ b/src/pc/lua/utils/smlua_text_utils.c
@@ -77,6 +77,14 @@ static u8* smlua_text_utils_convert(const char* str) {
return dialogStr;
}
+// Checks the first 3 characters
+static bool str_starts_with_spaces(const char* str) {
+ for (u8 i = 0; i < 4; i++) {
+ if (str[i] != ' ') { return false; }
+ }
+ return true;
+}
+
void smlua_text_utils_reset_all(void) {
void **dialogTable = NULL;
void **actNameTbl = NULL;
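Review bot: The comment on `str_starts_with_spaces` says it checks the first 3 characters, but the loop `for (u8 i = 0; i < 4; i++)` tests four, while both callers skip only 3. As written, a name with exactly three leading spaces is not stripped, and a name with four keeps one of them. If three is the intended prefix, change the bound to `i < 3`; if four is intended, correct the comment to `// Checks the first 4 characters`. The early return on the first non-space byte also stops at the terminating NUL, so either bound stays inside a valid C string. A shared constant for the prefix length would keep the helper and the `courseName + (3 * ...)` call sites in step.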
@@ -198,7 +206,7 @@ void smlua_text_utils_dialog_replace(enum DialogId dialogId, UNUSED u32 unused,
void smlua_text_utils_course_acts_replace(s16 courseNum, const char* courseName, const char* act1, const char* act2, const char* act3, const char* act4, const char* act5, const char* act6) {
if (courseNum <= 0 || courseNum > COURSE_RR) { return; }
struct CourseName* courseActNames = gReplacedActNameTable[courseNum];
- snprintf(courseActNames->name, 256, "%s", courseName + 3);
+ snprintf(courseActNames->name, 256, "%s", courseName + (3 * str_starts_with_spaces(courseName)));
courseActNames->modIndex = gLuaActiveMod->index;
#define REPLACE_ACT_NAME(i) \
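Review bot: `courseName` is dereferenced by `str_starts_with_spaces(courseName)` on the changed `snprintf` line with no NULL check visible in this hunk, and the same applies to the changed line in `smlua_text_utils_secret_star_replace`. Whether the Lua binding can pass a NULL string here is not visible in the patch; if it can, add `if (courseName == NULL) { return; }` ahead of the table lookup. The literal `256` is also repeated at both call sites; if `name` is a fixed-size array, `sizeof(courseActNames->name)` would tie the bound to the declaration. Both functions continue outside their hunks.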
@@ -286,7 +294,7 @@ void smlua_text_utils_secret_star_replace(s16 courseNum, const char* courseName)
*/
struct CourseName* courseActNames = gReplacedActNameTable[courseNum];
- snprintf(courseActNames->name, 256, "%s", courseName + 3);
+ snprintf(courseActNames->name, 256, "%s", courseName + (3 * str_starts_with_spaces(courseName)));
courseActNames->modIndex = gLuaActiveMod->index;
}