fix: security vulnerabilities

Tested that all functions related to the touched files work will test sqlite on a CI build
2026-06-08 07:44:23 +00:00 · 2026-06-06 23:13:09 -07:00
parent 8e09ffd6e8
commit fb166bd24d
107 changed files with 786 additions and 512 deletions
--- a/dDatabase/CDClientDatabase/CDClientTables/CDItemComponentTable.cpp
+++ b/dDatabase/CDClientDatabase/CDClientTables/CDItemComponentTable.cpp
@@ -154,8 +154,8 @@ std::map<LOT, uint32_t> CDItemComponentTable::ParseCraftingCurrencies(const CDIt
 			// Checking for 2 here, not sure what to do when there's more stuff than expected
 			if (amountSplit.size() == 2) {
 				currencies.insert({
-					std::stoull(amountSplit[0]),
-					std::stoi(amountSplit[1])
+					GeneralUtils::TryParse<LOT>(amountSplit[0], LOT_NULL),
+					GeneralUtils::TryParse<uint32_t>(amountSplit[1], 0)
 					});
 			}
 		}
--- a/dDatabase/CDClientDatabase/CDClientTables/CDMissionsTable.cpp
+++ b/dDatabase/CDClientDatabase/CDClientTables/CDMissionsTable.cpp
@@ -93,13 +93,14 @@ std::vector<CDMissions> CDMissionsTable::Query(std::function<bool(CDMissions)> p
 }

 const CDMissions* CDMissionsTable::GetPtrByMissionID(uint32_t missionID) const {
+	const CDMissions* toReturn = &Default;
 	for (const auto& entry : GetEntries()) {
 		if (entry.id == missionID) {
-			return const_cast<CDMissions*>(&entry);
+			toReturn = &entry;
 		}
 	}

-	return &Default;
+	return toReturn;
 }

 const CDMissions& CDMissionsTable::GetByMissionID(uint32_t missionID, bool& found) const {
--- a/dDatabase/CDClientDatabase/CDClientTables/CDMissionsTable.h
+++ b/dDatabase/CDClientDatabase/CDClientTables/CDMissionsTable.h
@@ -66,6 +66,7 @@ public:
 	// Queries the table with a custom "where" clause
 	std::vector<CDMissions> Query(std::function<bool(CDMissions)> predicate);

+	// Cannot be null.
 	const CDMissions* GetPtrByMissionID(uint32_t missionID) const;

 	const CDMissions& GetByMissionID(uint32_t missionID, bool& found) const;
--- a/dDatabase/CDClientDatabase/CDClientTables/CDObjectsTable.cpp
+++ b/dDatabase/CDClientDatabase/CDClientTables/CDObjectsTable.cpp
@@ -69,7 +69,7 @@ const CDObjects& CDObjectsTable::GetByID(const uint32_t lot) {
 		entry.name = tableData.getStringField("name", "");
 		UNUSED(entry.placeable = tableData.getIntField("placeable", -1));
 		entry.type = tableData.getStringField("type", "");
-		UNUSED(ntry.description = tableData.getStringField(4, ""));
+		UNUSED(entry.description = tableData.getStringField(4, ""));
 		UNUSED(entry.localize = tableData.getIntField("localize", -1));
 		UNUSED(entry.npcTemplateID = tableData.getIntField("npcTemplateID", -1));
 		UNUSED(entry.displayName = tableData.getStringField("displayName", ""));
--- a/dDatabase/CDClientDatabase/CDClientTables/CDRailActivatorComponent.cpp
+++ b/dDatabase/CDClientDatabase/CDClientTables/CDRailActivatorComponent.cpp
@@ -56,7 +56,7 @@ CDRailActivatorComponent CDRailActivatorComponentTable::GetEntryByID(int32_t id)
 std::pair<uint32_t, std::u16string> CDRailActivatorComponentTable::EffectPairFromString(std::string& str) {
 	const auto split = GeneralUtils::SplitString(str, ':');
 	if (split.size() == 2) {
-		return { std::stoi(split.at(0)), GeneralUtils::ASCIIToUTF16(split.at(1)) };
+		return { GeneralUtils::TryParse(split.at(0), 0), GeneralUtils::ASCIIToUTF16(split.at(1)) };
 	}

 	return {};