From 9fabff16e49994dd6513c64f22fe6b3f72dcd6ae Mon Sep 17 00:00:00 2001
From: David Markowitz <39972741+EmosewaMC@users.noreply.github.com>
Date: Fri, 2 Jun 2023 04:44:49 -0700
Subject: [PATCH 1/3] Update AMFDeserialize (#1096)
Per ISO C++ standard 9.7.1 5.3, "Otherwise the type of the enumerator is the same as that of the preceding enumerator unless the incremented value is not representable in that type, in which case the type is an unspecified integral type sufficient to contain the incremented value. If no such type exists, the program is ill-formed." it is not undefined behavior to set a scoped enum to a value outside of its constant range because all values of the underlying type can represent the scoped enum
---
 dCommon/AMFDeserialize.cpp | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/dCommon/AMFDeserialize.cpp b/dCommon/AMFDeserialize.cpp
index 9eee1f12..648d1ed1 100644
--- a/dCommon/AMFDeserialize.cpp
+++ b/dCommon/AMFDeserialize.cpp
@@ -13,10 +13,8 @@ AMFBaseValue* AMFDeserialize::Read(RakNet::BitStream* inStream) {
 if (!inStream) return nullptr;
 AMFBaseValue* returnValue = nullptr;
 // Read in the value type from the bitStream
- uint8_t i;
- inStream->Read(i);
- if (i > static_cast(eAmf::Dictionary)) return nullptr;
- eAmf marker = static_cast(i);
+ eAmf marker;
+ inStream->Read(marker);
 // Based on the typing, create the value associated with that and return the base value class
 switch (marker) {
 case eAmf::Undefined: {
From 8ae1e1bc6b1cbbd926bfc97d8be05483af094388 Mon Sep 17 00:00:00 2001
From: David Markowitz <39972741+EmosewaMC@users.noreply.github.com>
Date: Sat, 3 Jun 2023 00:40:46 -0700
Subject: [PATCH 2/3] Fix: remove ability to buy items from a vendor if they don't sell said item (#1105)
---
 dGame/dComponents/VendorComponent.cpp | 4 ++++
 dGame/dComponents/VendorComponent.h | 2 ++
 dGame/dGameMessages/GameMessages.cpp | 9 +++++++--
 3 files changed, 13 insertions(+), 2 deletions(-)
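Review bot: In `AMFDeserialize::Read` (dCommon/AMFDeserialize.cpp), `eAmf marker;` is left uninitialized and the result of `inStream->Read(marker)` is not checked, so on an empty or truncated stream the `switch` would run on an indeterminate value. I would write `eAmf marker{};` and `if (!inStream->Read(marker)) return nullptr;`. With the explicit `> eAmf::Dictionary` rejection removed, the marker from the stream now reaches the switch unfiltered; the rest of the switch is outside this hunk, so confirm it has a `default:` that returns nullptr for unknown markers. It is also worth confirming that `eAmf` is declared with a one-byte underlying type, because the templated read now takes its width from the enum rather than from `uint8_t`.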
diff --git a/dGame/dComponents/VendorComponent.cpp b/dGame/dComponents/VendorComponent.cpp
index c9178785..e89cc926 100644
--- a/dGame/dComponents/VendorComponent.cpp
+++ b/dGame/dComponents/VendorComponent.cpp
@@ -134,3 +134,7 @@ void VendorComponent::SetupConstants() {
 m_RefreshTimeSeconds = vendorComps[0].refreshTimeSeconds;
 m_LootMatrixID = vendorComps[0].LootMatrixIndex;
 }
+
+bool VendorComponent::SellsItem(const LOT item) const {
+ return m_Inventory.find(item) != m_Inventory.end();
+}
diff --git a/dGame/dComponents/VendorComponent.h b/dGame/dComponents/VendorComponent.h
index bf372bf2..cbff0cfd 100644
--- a/dGame/dComponents/VendorComponent.h
+++ b/dGame/dComponents/VendorComponent.h
@@ -67,6 +67,8 @@ public:
 * Called on startup of vendor to setup the variables for the component.
 */
 void SetupConstants();
+
+ bool SellsItem(const LOT item) const;
 private:
 /**
 * The buy scalar.
diff --git a/dGame/dGameMessages/GameMessages.cpp b/dGame/dGameMessages/GameMessages.cpp
index c178f6c7..16460025 100644
--- a/dGame/dGameMessages/GameMessages.cpp
+++ b/dGame/dGameMessages/GameMessages.cpp
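Review bot: `SellsItem` in VendorComponent.h is declared without a doc comment, unlike the neighbouring members visible in this hunk, and it is now the server-side gate for purchase requests. I would add `/** Returns true if the given LOT is present in this vendor's inventory (m_Inventory); used to reject purchase requests for items the vendor does not offer. */` above the declaration. Whether `m_Inventory` changes over the vendor's lifetime is not visible here; if it does, the comment should say the answer reflects the stock at the time of the call.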
@@ -4733,12 +4733,17 @@ void GameMessages::HandleBuyFromVendor(RakNet::BitStream* inStream, Entity* enti const auto isCommendationVendor = entity->GetLOT() == 13806; - VendorComponent* vend = static_cast(entity->GetComponent(eReplicaComponentType::VENDOR)); + auto* vend = entity->GetComponent(); if (!vend && !isCommendationVendor) return; - InventoryComponent* inv = static_cast(player->GetComponent(eReplicaComponentType::INVENTORY)); + auto* inv = player->GetComponent(); if (!inv) return; + if (!isCommendationVendor && !vend->SellsItem(item)) { + Game::logger->Log("GameMessages", "User %llu %s tried to buy an item %i from a vendor when they do not sell said item", player->GetObjectID(), user->GetUsername().c_str(), item); + return; + } + CDComponentsRegistryTable* compRegistryTable = CDClientManager::Instance().GetTable(); CDItemComponentTable* itemComponentTable = CDClientManager::Instance().GetTable(); From b5897556551055548144e124e247477a3c0f1858 Mon Sep 17 00:00:00 2001 From: David Markowitz <39972741+EmosewaMC@users.noreply.github.com> Date: Sat, 3 Jun 2023 16:28:27 -0700 Subject: [PATCH 3/3] Fix out of bounds access in dpGrid (#1106) Fixes an issue where we would try to access an array out of the physics bounds --- dPhysics/dpGrid.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dPhysics/dpGrid.cpp b/dPhysics/dpGrid.cpp index 1631c91a..c3259b51 100644 --- a/dPhysics/dpGrid.cpp +++ b/dPhysics/dpGrid.cpp @@ -43,8 +43,8 @@ void dpGrid::Add(dpEntity* entity) { if (cellX < 0) cellX = 0; if (cellZ < 0) cellZ = 0; - if (cellX > NUM_CELLS) cellX = NUM_CELLS; - if (cellZ > NUM_CELLS) cellZ = NUM_CELLS; + if (cellX >= NUM_CELLS) cellX = NUM_CELLS - 1; + if (cellZ >= NUM_CELLS) cellZ = NUM_CELLS - 1; //Add to cell: m_Cells[cellX][cellZ].push_front(entity); 
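Review bot: The new `SellsItem` check in `GameMessages::HandleBuyFromVendor` is skipped whenever `isCommendationVendor` is true, so for entity LOT 13806 the client-supplied `item` is still not compared against any server-side list in the lines shown. If that vendor's stock is defined somewhere the server can read, the same membership test should apply to it; if not, a comment such as `// LOT 13806 has no VendorComponent inventory; item is validated by <where>` would make the exception explicit. The log call passes `player->GetObjectID()` to `%llu` and `item` to `%i`; both types are declared outside this hunk, so confirm they match the specifiers. The function body begins and ends outside the hunk.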
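Review bot: The corrected upper clamp is written out twice in `dpGrid::Add` and twice more in `dpGrid::Delete` (the next hunk), which is how the original `> NUM_CELLS` slip ended up in four places. A small file-local helper, or `cellX = std::clamp(cellX, 0, NUM_CELLS - 1);` from `<algorithm>` if both operands are `int`, would keep the bound in one spot. Only these two functions are visible here; any other dpGrid method that turns a position into a cell index should be checked for the same `> NUM_CELLS` comparison. Both function bodies extend beyond their hunks.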
@@ -87,8 +87,8 @@ void dpGrid::Delete(dpEntity* entity) { if (oldCellX < 0) oldCellX = 0; if (oldCellZ < 0) oldCellZ = 0; - if (oldCellX > NUM_CELLS) oldCellX = NUM_CELLS; - if (oldCellZ > NUM_CELLS) oldCellZ = NUM_CELLS; + if (oldCellX >= NUM_CELLS) oldCellX = NUM_CELLS - 1; + if (oldCellZ >= NUM_CELLS) oldCellZ = NUM_CELLS - 1; m_Cells[oldCellX][oldCellZ].remove(entity);