From dac2cc486b362bb9644de5387822166f91abc1a0 Mon Sep 17 00:00:00 2001
From: Lukas Krickl
Date: Sat, 21 Jun 2025 15:49:56 +0200
Subject: [PATCH] unit: Fixed out of bounds reads and write in unit->unit collision

This was caused by attempting to use a clobbered A value as the loop index.
---
 src/actortables.s | 2 +-
 src/unit.s | 17 +++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/actortables.s b/src/actortables.s
index 331ecc8..bf7807a 100644
--- a/src/actortables.s
+++ b/src/actortables.s
@@ -3,7 +3,7 @@ default_map_actor_table:
 .db 2 ; size
 dw unit_demo_2
-dw unit_demo_3
+; dw unit_demo_3
diff --git a/src/unit.s b/src/unit.s
index 1bdf21a..344af06 100644
--- a/src/unit.s
+++ b/src/unit.s
@@ -265,13 +265,27 @@ unit_handle_inputs:
 ; a = CF_COLLISION if collision occured
 ; sets act_rt_collided_with
 unit_collides_with_any_other:
+#define scratch_loop_i scratch
 ld hl, p0_units
 ld a, UNITS_MAX ; loop counter
 @loop:
+ ld [scratch_loop_i], a
 push de ; save current actor on stack
 push bc
+ ; skip act type == 0
+ push de
+ push hl
+ ld de, act_type
+ add hl, de ; hl = actor type
+ ; skip if type is 0
+ ld a, [hl]
+ cp a, 0
+ pop hl
+ pop de
+ jr z, @skip REL
+
 ; check if actor is current actor
 ld a, h
 cp a, d
@@ -300,6 +314,8 @@ unit_collides_with_any_other:
 @skip:
 ld de, act_size
 add hl, de ; move to next actor
+
+ ld a, [scratch_loop_i]
 dec a
 pop bc
@@ -326,6 +342,7 @@ unit_collides_with_any_other:
 ; and set the CF_COLLISION flag
 ld a, CF_COLLISION
 ret
+#undefine scratch_loop_i

 ; moves a unit up
 ; moves are aborted
-- 
2.30.2
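Review bot: After `dw unit_demo_3` is commented out, the table still opens with `.db 2 ; size` while only `dw unit_demo_2` remains visible in the hunk; if no further entry follows in the context lines this excerpt does not show, a loader that walks `size` entries now reads the word after the table as an actor pointer, which is the same class of out-of-bounds read the subject line describes. Either lower the size byte together with the entry, `.db 1 ; size`, or add a comment such as `; size must equal the number of dw entries that follow` so the two cannot drift apart again. The rest of default_map_actor_table lies outside the hunk, so this is hedged on what those lines contain.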
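Review bot: The loop counter is now kept in `scratch` through `#define scratch_loop_i scratch`, so the fix holds only as long as nothing executed between the store at `@loop` and the reload before `dec a` (the collision body, which lies outside this hunk) also writes to `scratch`; if any of that code or a routine it calls uses `scratch`, the counter is corrupted and the walk past the end of `p0_units` comes back. Add a note next to the define, e.g. `; scratch is the loop counter for the whole of @loop; do not reuse it in the body`, or give the counter its own byte instead of aliasing a shared location. On the new type-0 check, `cp a, 0` can be the one-byte `or a, a` idiom, since only Z is consumed by the following `jr z`. The reload in the next hunk at `@skip` carries the same dependency on `scratch` staying untouched. unit_collides_with_any_other continues outside the hunk.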