Fix some Address Sanitizer errors (#384)
* fix some invalid memory accesses
dethrace-labs authored Jul 9, 2024
1 parent e3a50e3 commit ca1098a
Showing 3 changed files with 38 additions and 20 deletions.
7 changes: 4 additions & 3 deletions src/DETHRACE/CMakeLists.txt
Expand Up @@ -10,12 +10,13 @@ target_include_directories(dethrace_obj
pd
)

# add_compile_options(-fsanitize=address)
# add_link_options(-fsanitize=address)
if (DETHRACE_ASAN)
target_compile_options(dethrace_obj PUBLIC -fsanitize=address)
target_link_options(dethrace_obj PUBLIC -fsanitize=address)
endif()

target_link_libraries(dethrace_obj PUBLIC SDL2::SDL2 smackw32 harness BRender::Full BRender::DDI s3)


if(MSVC)
target_compile_definitions(dethrace_obj PRIVATE -D_CRT_SECURE_NO_WARNINGS)
target_compile_options(dethrace_obj PRIVATE
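Review bot: The sanitizer flags in the `if (DETHRACE_ASAN)` block are attached to `dethrace_obj` only, so the targets it links against (`harness`, `smackw32`, `s3`, the BRender libraries) are presumably still built without instrumentation, and bad accesses made inside them will not be reported. If the option is meant to cover the whole build, applying the same flags at the top level under `DETHRACE_ASAN` would do that. Adding `-fno-omit-frame-pointer` next to `-fsanitize=address` gives more reliable stack traces in the reports. Whether `DETHRACE_ASAN` is declared with `option()` is not visible in this hunk.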
42 changes: 26 additions & 16 deletions src/DETHRACE/common/car.c
Expand Up @@ -2769,13 +2769,10 @@ int CollCheck(tCollision_info* c, br_scalar dt) {
br_matrix34 message_mat;
LOG_TRACE("(%p, %f)", c, dt);

tCar_spec* car_spec; // added for readability

// v34 = 0;
// v35 = 0;
// v36 = 0x3F800000;
// v48 = 0x3F800347;
car_spec = (tCar_spec*)c;
mat = &c->car_master_actor->t.t.mat;
oldmat = &c->oldmat;
k = 0;
Expand Down Expand Up @@ -3040,7 +3037,7 @@ int CollCheck(tCollision_info* c, br_scalar dt) {
BrVector3Set(&normal_force, 0.f, 0.f, 0.f);
BrVector3Set(&c->omega, 0.f, 0.f, 0.f);
BrVector3Set(&c->oldomega, 0.f, 0.f, 0.f);
if (c->driver <= eDriver_non_car || car_spec->max_force_rear == 0.0f) {
if (c->driver <= eDriver_non_car || CAR(c)->max_force_rear == 0.0f) {
if (c->driver <= eDriver_non_car) {
PipeSingleNonCar(c);
}
Expand All @@ -3060,17 +3057,23 @@ int CollCheck(tCollision_info* c, br_scalar dt) {
}
BrVector3Accumulate(&c->v, &norm);
if (c->driver >= eDriver_net_human) {
BrVector3Scale(&normal_force, &normal_force, gDefensive_powerup_factor[car_spec->power_up_levels[0]]);
BrVector3Scale(&normal_force, &normal_force, gDefensive_powerup_factor[CAR(c)->power_up_levels[0]]);
}
if (c->driver < eDriver_net_human) {
BrVector3Scale(&normal_force, &normal_force, 0.01f);
} else {
BrVector3Scale(&normal_force, &normal_force, 0.75f);
}
if (CAR(c)->invulnerable
|| (c->driver < eDriver_net_human && (c->driver != eDriver_oppo || PointOutOfSight(&c->pos, 150.0f)))
|| ((v_diff = (car_spec->pre_car_col_velocity.v[1] - c->v.v[1]) * gDefensive_powerup_factor[car_spec->power_up_levels[0]]) >= -20.0f)
|| CAR(c)->number_of_wheels_on_ground >= 3) {
if (
#if defined(DETHRACE_FIX_BUGS)
// `c` is only a `tCar_spec*` if the driver is an opponent or human, otherwise, it will be a `tNon_car_spec*`. The following code
// assumes `c` is a `tCar_spec*`, causing invalid memory accesses
c->driver >= eDriver_oppo &&
#endif
(CAR(c)->invulnerable
|| (c->driver < eDriver_net_human && (c->driver != eDriver_oppo || PointOutOfSight(&c->pos, 150.0f)))
|| ((v_diff = (CAR(c)->pre_car_col_velocity.v[1] - c->v.v[1]) * gDefensive_powerup_factor[CAR(c)->power_up_levels[0]]) >= -20.0f)
|| CAR(c)->number_of_wheels_on_ground >= 3)) {
CrushAndDamageCar(CAR(c), &dir, &normal_force, NULL);
} else {
// Cops Special Forces is always stolen if destroyed!
Expand All @@ -3079,12 +3082,19 @@ int CollCheck(tCollision_info* c, br_scalar dt) {
StealCar(CAR(c));
v_diff = v_diff * 5.0f;
}
for (i = 0; i < CAR(c)->car_actor_count; i++) {
ts2 = (v_diff + 20.0f) * -0.01f;
TotallySpamTheModel(CAR(c), i, CAR(c)->car_model_actors[i].actor, &CAR(c)->car_model_actors[i].crush_data, ts2);
}
for (i = 0; i < COUNT_OF(CAR(c)->damage_units); i++) {
DamageUnit(CAR(c), i, IRandomPosNeg(5) + (v_diff + 20.0f) * -1.5f);
#if defined(DETHRACE_FIX_BUGS)
// `c` is only a `tCar_spec*` if the driver is an opponent or human, otherwise, it will be a `tNon_car_spec*`. The following code
// assumes `c` is a `tCar_spec*`, causing invalid memory accesses
if (c->driver >= eDriver_oppo)
#endif
{
for (i = 0; i < CAR(c)->car_actor_count; i++) {
ts2 = (v_diff + 20.0f) * -0.01f;
TotallySpamTheModel(CAR(c), i, CAR(c)->car_model_actors[i].actor, &CAR(c)->car_model_actors[i].crush_data, ts2);
}
for (i = 0; i < COUNT_OF(CAR(c)->damage_units); i++) {
DamageUnit(CAR(c), i, IRandomPosNeg(5) + (v_diff + 20.0f) * -1.5f);
}
}
}
if (!noise_defeat) {
Expand All @@ -3094,7 +3104,7 @@ int CollCheck(tCollision_info* c, br_scalar dt) {
BrVector3InvScale(&tv, &tv, WORLD_SCALE);
BrMatrix34ApplyV(&bb, &tv, &c->car_master_actor->t.t.mat);
BrMatrix34ApplyV(&norm, &p_vel, &c->car_master_actor->t.t.mat);
CreateSparks(&pos, &bb, &norm, gCurrent_race.material_modifiers[gMaterial_index].sparkiness, car_spec);
CreateSparks(&pos, &bb, &norm, gCurrent_race.material_modifiers[gMaterial_index].sparkiness, CAR(c));
}
return k;
} else {
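Review bot: With `DETHRACE_FIX_BUGS` defined, a non-car short-circuits the new `c->driver >= eDriver_oppo &&` guard and lands in the `else` branch, so the `v_diff = ...` assignment buried in that condition never runs while `v_diff = v_diff * 5.0f;` in the steal block can still read it. The condition in front of `StealCar(CAR(c))` sits between two hunks and is not visible here; unless it already excludes `c->driver < eDriver_oppo`, that call would still receive a `tNon_car_spec*`. Computing `v_diff` before the `if` for real cars and setting it to `0.0f` otherwise would remove the dependence on evaluation order. The unguarded `CAR(c)` handed to `CreateSparks` in the last hunk has the same type-confusion shape and needs the same guard if `CreateSparks` reads car-only fields. `CollCheck` starts and ends outside these hunks.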
9 changes: 8 additions & 1 deletion src/DETHRACE/common/spark.c
Expand Up @@ -2491,6 +2491,13 @@ void MungeSplash(tU32 pTime) {
if (!gAction_replay_mode || GetReplayRate() == 0.0) {
if (!gAction_replay_mode) {
for (i = 0; i < gNum_cars_and_non_cars; i++) {
#if defined(DETHRACE_FIX_BUGS)
// CreateSpash assumes a `tCar_spec*` argument. In the case a non-car is pushed into the water, a `tNon_car_spec*` is passed,
// causing invalid memory accesses
if (gActive_car_list[i]->driver < eDriver_oppo) {
continue;
}
#endif
if (gActive_car_list[i]->water_d != 10000.0 && gActive_car_list[i]->driver != eDriver_local_human) {
CreateSplash(gActive_car_list[i], pTime);
}
Expand All @@ -2516,7 +2523,7 @@ void MungeSplash(tU32 pTime) {
}
}
if (gProgram_state.current_car.water_d != 10000.0) {
CreateSplash(&gProgram_state.current_car, 0x64u);
CreateSplash(&gProgram_state.current_car, 100);
}
}
if (!gSplash_flags) {
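Review bot: The comment added in the `gActive_car_list` loop misspells the callee as `CreateSpash`, so a search for `CreateSplash` will not find the explanation of why non-cars are skipped; the first word should read `CreateSplash`. The `driver < eDriver_oppo` check lives at this call site only, so any other caller that passes a `gActive_car_list` entry to `CreateSplash` would need the same check, or the check could sit at the top of `CreateSplash` itself. It is also compiled only under `DETHRACE_FIX_BUGS`, so a build without that define keeps passing non-cars through. `MungeSplash` continues outside the visible hunks.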