fix: security vulnerabilities (#1980)

* fix: security vulnerabilities Tested that all functions related to the touched files work will test sqlite on a CI build * fix failing test * ai feedback * add buffer size checking * use c_str * dont log session key * Try this for a mac definition * be quiet apple
2026-06-09 16:24:22 +00:00 · 2026-06-07 20:59:11 -07:00
parent f6c9a27a2b
commit a156a8fcba
109 changed files with 806 additions and 514 deletions
--- a/dScripts/ai/FV/FvBrickPuzzleServer.cpp
+++ b/dScripts/ai/FV/FvBrickPuzzleServer.cpp
@@ -6,6 +6,7 @@

 void FvBrickPuzzleServer::OnStartup(Entity* self) {
 	const auto myGroup = GeneralUtils::UTF16ToWTF8(self->GetVar<std::u16string>(u"spawner_name"));
+	if (myGroup.size() <= 10) return;

 	const auto pipeNum = GeneralUtils::TryParse<int32_t>(myGroup.substr(10, 1));
 	if (!pipeNum) return;
@@ -17,6 +18,7 @@ void FvBrickPuzzleServer::OnStartup(Entity* self) {

 void FvBrickPuzzleServer::OnDie(Entity* self, Entity* killer) {
 	const auto myGroup = GeneralUtils::UTF16ToWTF8(self->GetVar<std::u16string>(u"spawner_name"));
+	if (myGroup.size() <= 10) return;

 	const auto pipeNum = GeneralUtils::TryParse<int32_t>(myGroup.substr(10, 1));
 	if (!pipeNum) return;
--- a/dScripts/ai/FV/FvFacilityBrick.cpp
+++ b/dScripts/ai/FV/FvFacilityBrick.cpp
@@ -9,9 +9,12 @@ void FvFacilityBrick::OnStartup(Entity* self) {
 }

 void FvFacilityBrick::OnNotifyObject(Entity* self, Entity* sender, const std::string& name, int32_t param1, int32_t param2) {
-	auto* brickSpawner = Game::zoneManager->GetSpawnersByName("ImaginationBrick")[0];
-	auto* bugSpawner = Game::zoneManager->GetSpawnersByName("MaelstromBug")[0];
-	auto* canisterSpawner = Game::zoneManager->GetSpawnersByName("BrickCanister")[0];
+	const auto brickObjs = Game::zoneManager->GetSpawnersByName("ImaginationBrick");
+	auto* const brickSpawner = brickObjs.empty() ? nullptr : brickObjs[0];
+	const auto bugObjs = Game::zoneManager->GetSpawnersByName("MaelstromBug");
+	auto* const bugSpawner = bugObjs.empty() ? nullptr : bugObjs[0];
+	const auto canisterObjs = Game::zoneManager->GetSpawnersByName("BrickCanister");
+	auto* const canisterSpawner = canisterObjs.empty() ? nullptr : canisterObjs[0];

 	if (name == "ConsoleLeftUp") {
 		GameMessages::SendStopFXEffect(self, true, "LeftPipeOff");
@@ -62,7 +65,7 @@ void FvFacilityBrick::OnNotifyObject(Entity* self, Entity* sender, const std::st
 		canisterSpawner->Reset();
 		canisterSpawner->Deactivate();
 	} else if (self->GetVar<bool>(u"ConsoleLEFTActive") || self->GetVar<bool>(u"ConsoleRIGHTActive")) {
-		brickSpawner->Activate();
+		if (brickSpawner) brickSpawner->Activate();

 		auto* object = Game::entityManager->GetEntitiesInGroup("Brick")[0];

@@ -70,17 +73,25 @@ void FvFacilityBrick::OnNotifyObject(Entity* self, Entity* sender, const std::st
 			GameMessages::SendStopFXEffect(object, true, "bluebrick");
 		}

-		bugSpawner->Reset();
-		bugSpawner->Deactivate();
+		if (bugSpawner) {
+			bugSpawner->Reset();
+			bugSpawner->Deactivate();
+		}

-		canisterSpawner->Reset();
-		canisterSpawner->Activate();
+		if (canisterSpawner) {
+			canisterSpawner->Reset();
+			canisterSpawner->Activate();
+		}
 	} else {
-		brickSpawner->Reset();
-		brickSpawner->Deactivate();
+		if (brickSpawner) {
+			brickSpawner->Reset();
+			brickSpawner->Deactivate();
+		}

-		bugSpawner->Reset();
-		bugSpawner->Activate();
+		if (bugSpawner) {
+			bugSpawner->Reset();
+			bugSpawner->Activate();
+		}
 	}
 }