From b155c307eadea2e5bd168abfce7df677d0edba8f Mon Sep 17 00:00:00 2001
From: Sierraffinity
Date: Sat, 26 Dec 2020 17:23:36 -0800
Subject: [PATCH 1/4] Add UBFIX for null deref in CameraObjectReset2

---
 src/event_object_movement.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/event_object_movement.c b/src/event_object_movement.c
index 1d06ddc84..12ef4acdc 100644
--- a/src/event_object_movement.c
+++ b/src/event_object_movement.c
@@ -2275,7 +2275,18 @@ u8 CameraObjectGetFollowedObjectId(void)
 
 void CameraObjectReset2(void)
 {
+ // UB: Possible null dereference
+#ifdef UBFIX
+ struct Sprite *cameraObject;
+
+ cameraObject = FindCameraObject();
+ if (cameraObject != NULL)
+ {
+ cameraObject->data[1] = 2;
+ }
+#else
 FindCameraObject()->data[1] = 2;
+#endif // UBFIX
 }
 
 u8 CopySprite(struct Sprite *sprite, s16 x, s16 y, u8 subpriority)

From 86fdd033c62d54d679f2c28b5f446e2ef2df7e3e Mon Sep 17 00:00:00 2001
From: Sierraffinity
Date: Sat, 26 Dec 2020 17:39:24 -0800
Subject: [PATCH 2/4] Add UBFIX for null derefs in sub_8088950

---
 src/fieldmap.c | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/src/fieldmap.c b/src/fieldmap.c
index 49337ebbe..296c4edf2 100644
--- a/src/fieldmap.c
+++ b/src/fieldmap.c
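Review bot: The `#endif` trailer is written three different ways across this series — `#endif // UBFIX` here in CameraObjectReset2, a bare `#endif` in the fieldmap.c and pokemon_storage_system.c hunks, and `#endif //UBFIX` in pokedex.c; settle on one form, `#endif // UBFIX`, for all four so the UBFIX regions are greppable. The `// UB:` comment only names the hazard, but the UBFIX arm now changes behaviour by doing nothing when no camera object exists, and a reader of the guarded block should not have to infer that: `// UB: Possible null dereference; with UBFIX the reset is a no-op when there is no camera object`. CameraObjectReset2 is complete within the hunk.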
@@ -797,15 +797,33 @@ bool8 CameraMove(int x, int y)
 struct MapConnection *sub_8088950(u8 direction, int x, int y)
 {
 int count;
- struct MapConnection *connection;
 int i;
- count = gMapHeader.connections->count;
- connection = gMapHeader.connections->connections;
+ struct MapConnection *connection;
+ const struct MapConnections *connections = gMapHeader.connections;
+ // UB: Multiple possible null dereferences
+#ifdef UBFIX
+ if (connections != NULL)
+ {
+ count = connections->count;
+ connection = connections->connections;
+ if (connection != NULL)
+ {
+ for (i = 0; i < count; i++, connection++)
+ {
+ if (connection->direction == direction && sub_80889A8(direction, x, y, connection) == TRUE)
+ return connection;
+ }
+ }
+ }
+#else
+ count = connections->count;
+ connection = connections->connections;
 for (i = 0; i < count; i++, connection++)
 {
 if (connection->direction == direction && sub_80889A8(direction, x, y, connection) == TRUE)
 return connection;
 }
+#endif
 return NULL;
 }
 

From bafbf9240d0f91ee3c38ca4652e3c54b9c503c9b Mon Sep 17 00:00:00 2001
From: Sierraffinity
Date: Sat, 26 Dec 2020 17:47:36 -0800
Subject: [PATCH 3/4] Add UBFIX for null deref in sub_80D08CC

---
 src/pokemon_storage_system.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/pokemon_storage_system.c b/src/pokemon_storage_system.c
index db8f3d2bb..4be1cf729 100644
--- a/src/pokemon_storage_system.c
+++ b/src/pokemon_storage_system.c
@@ -8408,8 +8408,13 @@ static void sub_80D08CC(void)
 for (j = sMoveMonsPtr->minRow; j < rowCount; j++)
 {
 struct BoxPokemon *boxMon = GetBoxedMonPtr(boxId, boxPosition);
-
+ // UB: possible null dereference
+#ifdef UBFIX
+ if (boxMon != NULL)
+ sMoveMonsPtr->boxMons[monArrayId] = *boxMon;
+#else
 sMoveMonsPtr->boxMons[monArrayId] = *boxMon;
+#endif
 monArrayId++;
 boxPosition++;
 }

From 127bb97c0e5c50b9f22715bdf4e958937f7ef992 Mon Sep 17 00:00:00 2001
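Review bot: The connection-matching loop in sub_8088950 is now duplicated verbatim in the `#ifdef UBFIX` and `#else` arms, so any later change to the match condition (`connection->direction == direction && sub_80889A8(...) == TRUE`) has to be made twice and the two builds can silently drift. A guard clause under `#ifdef UBFIX` that returns NULL when `connections` or `connections->connections` is NULL keeps a single copy of the two assignments and the loop, shared by both builds, and also removes the path in which `count` and `connection` are declared but never assigned. The function is complete within the hunk.

```c
    struct MapConnection *connection;
    const struct MapConnections *connections = gMapHeader.connections;
    // UB: Multiple possible null dereferences
#ifdef UBFIX
    if (connections == NULL || connections->connections == NULL)
        return NULL;
#endif
    count = connections->count;
    connection = connections->connections;
    // … unchanged: for loop over connections, return NULL …
```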
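Review bot: When `boxMon` is NULL the UBFIX arm skips the copy, but `monArrayId++` two lines below still advances, so `sMoveMonsPtr->boxMons[monArrayId]` keeps whatever stale bytes it already held and whatever consumes the array later sees that slot as a real box mon; a non-deterministic entry is harder to diagnose than the crash it replaces. Give the skipped slot a defined value instead of leaving it, e.g. `if (boxMon != NULL) sMoveMonsPtr->boxMons[monArrayId] = *boxMon; else memset(&sMoveMonsPtr->boxMons[monArrayId], 0, sizeof(sMoveMonsPtr->boxMons[monArrayId]));` (or the project's box-mon zeroing helper, if one is in scope here), and say in the `// UB:` comment that an empty slot is what a missing mon produces. sub_80D08CC begins and ends outside the hunk, so whether `monArrayId` is later bounded by a separate count that should also skip the slot cannot be checked from here.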
From: Sierraffinity
Date: Sat, 26 Dec 2020 18:25:21 -0800
Subject: [PATCH 4/4] Add UBFIX for division by zero in SpriteCB_PokedexListMonSprite

---
 src/pokedex.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/pokedex.c b/src/pokedex.c
index 516cef6a7..691abd649 100644
--- a/src/pokedex.c
+++ b/src/pokedex.c
@@ -3037,7 +3037,15 @@ static void SpriteCB_PokedexListMonSprite(struct Sprite *sprite)
 u32 var;
 
 sprite->pos2.y = gSineTable[(u8)sprite->data[5]] * 76 / 256;
+ // UB: possible division by zero
+#ifdef UBFIX
+ if (gSineTable[sprite->data[5] + 64] != 0)
+ var = 0x10000 / gSineTable[sprite->data[5] + 64];
+ else
+ var = 0xFFFF;
+#else
 var = 0x10000 / gSineTable[sprite->data[5] + 64];
+#endif //UBFIX
 if (var > 0xFFFF)
 var = 0xFFFF;
 SetOamMatrix(sprite->data[1] + 1, 0x100, 0, 0, var);
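Review bot: In the UBFIX arm `gSineTable[sprite->data[5] + 64]` is evaluated twice, once in the zero test and once in the division; read it once into a local declared beside `u32 var;` (of the table's element type) and use that in both places, `divisor = gSineTable[sprite->data[5] + 64];` then `if (divisor != 0) var = 0x10000 / divisor; else var = 0xFFFF;`, which also makes the guard and the divisor visibly the same value. Separately, the sine lookup on the line above masks its index with `(u8)` while this lookup does not, so if `sprite->data[5]` can ever fall outside 0..255 the `+ 64` index is not bounded by anything the zero check covers; worth confirming against the size of gSineTable and the range the callback assigns to `data[5]`. SpriteCB_PokedexListMonSprite begins before the hunk.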