mirror/jak-project
1
0
Fork 0
mirror of https://github.com/open-goal/jak-project synced 2026-06-26 18:42:01 -04:00
Code Issues Packages Projects Releases Wiki Activity

[jak2] fix use-after-free bug in nav enemies (#3240)

Browse Source 
Fixes #3153
This commit is contained in:
ManDude
2023-12-03 09:24:34 +00:00
committed by GitHub
parent 974f5931de
commit be6a6dead4
13 changed files with 100 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files
goal_src/jak2/engine/nav/nav-enemy.gc
+5 -3
View File
@@ -2598,9 +2598,11 @@ This commonly includes things such as:
(t9-0)
)
)
(let ((v1-4 (-> self nav)))
(logclear! (-> v1-4 shape nav-flags) (nav-flags has-extra-sphere))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-4 (-> self nav)))
(logclear! (-> v1-4 shape nav-flags) (nav-flags has-extra-sphere))
))
0
)
:code (behavior ()
goal_src/jak2/engine/target/mech/grunt-mech.gc
+5 -3
View File
@@ -683,9 +683,11 @@
(set! (-> v1-1 prim-core collide-as) (-> self root backup-collide-as))
(set! (-> v1-1 prim-core collide-with) (-> self root backup-collide-with))
)
(let ((v1-2 (-> self nav)))
(logclear! (-> v1-2 shape nav-flags) (nav-flags has-extra-sphere))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-2 (-> self nav)))
(logclear! (-> v1-2 shape nav-flags) (nav-flags has-extra-sphere))
))
0
(logior! (-> self root nav-flags) (nav-flags has-root-sphere))
)
goal_src/jak2/levels/castle/boss/castle-baron.gc
+15 -9
View File
@@ -2218,14 +2218,18 @@ For example for an elevator pre-compute the distance between the first and last
)
:exit (behavior ()
(set! (-> self next-shooting-frame) 200)
(let ((v1-1 (-> self nav)))
(set! (-> v1-1 target-speed) 122880.0)
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-1 (-> self nav)))
(set! (-> v1-1 target-speed) 122880.0)
))
0
(set! (-> *krew-boss-nav-enemy-info* run-travel-speed) 122880.0)
(let ((v1-5 (-> self nav)))
(set! (-> v1-5 sphere-mask) (the-as uint #x800f8))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-5 (-> self nav)))
(set! (-> v1-5 sphere-mask) (the-as uint #x800f8))
))
0
(if (logtest? (enemy-flag enemy-flag43) (-> self enemy-flags))
(logior! (-> self nav flags) (nav-control-flag update-heading-from-facing))
@@ -2997,9 +3001,11 @@ For example for an elevator pre-compute the distance between the first and last
(t9-0)
)
)
(let ((v1-4 (-> self nav)))
(set! (-> v1-4 sphere-mask) (the-as uint #x800f8))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-4 (-> self nav)))
(set! (-> v1-4 sphere-mask) (the-as uint #x800f8))
))
0
)
:trans (behavior ()
goal_src/jak2/levels/castle/roboguard-level.gc
+5 -3
View File
@@ -368,9 +368,11 @@
)
:exit (behavior ()
(logclear! (-> self nav flags) (nav-control-flag output-sphere-hash))
(let ((v1-2 (-> self nav)))
(logclear! (-> v1-2 shape nav-flags) (nav-flags has-extra-sphere))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-2 (-> self nav)))
(logclear! (-> v1-2 shape nav-flags) (nav-flags has-extra-sphere))
))
0
)
:code (behavior ()
goal_src/jak2/levels/city/kiddogescort/crocesc-states.gc
+5 -3
View File
@@ -601,9 +601,11 @@
(set! (-> self vehicle-handle) (the-as handle #f))
(logclear! (-> self bot-flags) (bot-flags bf16))
(logclear! (-> self focus-status) (focus-status pilot-riding pilot))
(let ((v1-5 (-> self nav)))
(logclear! (-> v1-5 shape nav-flags) (nav-flags has-extra-sphere))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-5 (-> self nav)))
(logclear! (-> v1-5 shape nav-flags) (nav-flags has-extra-sphere))
))
0
(logclear! (-> self focus-status) (focus-status disable))
(let ((v1-10 (-> self enemy-flags)))
goal_src/jak2/levels/city/kiddogescort/kidesc-states.gc
+5 -3
View File
@@ -551,9 +551,11 @@
(set! (-> self vehicle-handle) (the-as handle #f))
(logclear! (-> self bot-flags) (bot-flags bf16))
(logclear! (-> self focus-status) (focus-status pilot-riding pilot))
(let ((v1-11 (-> self nav)))
(logclear! (-> v1-11 shape nav-flags) (nav-flags has-extra-sphere))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-11 (-> self nav)))
(logclear! (-> v1-11 shape nav-flags) (nav-flags has-extra-sphere))
))
0
(logclear! (-> self focus-status) (focus-status disable))
(let ((v1-16 (-> self enemy-flags)))
goal_src/jak2/levels/city/traffic/citizen/civilian.gc
+15 -9
View File
@@ -1092,9 +1092,11 @@
(set! (-> v1-5 prim-core collide-with) (-> self root backup-collide-with))
)
(logior! (-> self root nav-flags) (nav-flags has-root-sphere))
(let ((v1-9 (-> self nav)))
(set! (-> v1-9 sphere-mask) (the-as uint #x800fe))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-9 (-> self nav)))
(set! (-> v1-9 sphere-mask) (the-as uint #x800fe))
))
0
)
:trans (behavior ()
@@ -1170,9 +1172,11 @@
(set! (-> v1-5 prim-core collide-with) (-> self root backup-collide-with))
)
(logior! (-> self root nav-flags) (nav-flags has-root-sphere))
(let ((v1-9 (-> self nav)))
(set! (-> v1-9 sphere-mask) (the-as uint #x800fe))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-9 (-> self nav)))
(set! (-> v1-9 sphere-mask) (the-as uint #x800fe))
))
0
)
:trans (behavior ()
@@ -1594,9 +1598,11 @@
0
)
:exit (behavior ()
(let ((v1-0 (-> self nav)))
(set! (-> v1-0 sphere-mask) (the-as uint #x800fe))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-0 (-> self nav)))
(set! (-> v1-0 sphere-mask) (the-as uint #x800fe))
))
0
(logclear! (-> self flags) (citizen-flag persistent))
)
goal_src/jak2/levels/common/enemy/fodder/fodder.gc
+10 -6
View File
@@ -580,13 +580,17 @@
0
)
:exit (behavior ()
(let ((v1-0 (-> self nav)))
(set! (-> v1-0 target-speed) (-> self enemy-info run-travel-speed))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-0 (-> self nav)))
(set! (-> v1-0 target-speed) (-> self enemy-info run-travel-speed))
))
0
(let ((v1-2 (-> self nav)))
(set! (-> v1-2 turning-acceleration) (-> self enemy-info run-turning-acceleration))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-2 (-> self nav)))
(set! (-> v1-2 turning-acceleration) (-> self enemy-info run-turning-acceleration))
))
0
(fodder-method-181 self #f)
(if (logtest? (-> self enemy-flags) (enemy-flag check-water))
goal_src/jak2/levels/common/enemy/metalmonk.gc
+15 -9
View File
@@ -553,13 +553,17 @@
(t9-0)
)
)
(let ((v1-4 (-> self nav)))
(set! (-> v1-4 max-rotation-rate) (-> self enemy-info maximum-rotation-rate))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-4 (-> self nav)))
(set! (-> v1-4 max-rotation-rate) (-> self enemy-info maximum-rotation-rate))
))
0
(let ((v1-6 (-> self nav)))
(set! (-> v1-6 turning-acceleration) (-> self enemy-info run-turning-acceleration))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-6 (-> self nav)))
(set! (-> v1-6 turning-acceleration) (-> self enemy-info run-turning-acceleration))
))
0
)
:code (behavior ()
@@ -725,9 +729,11 @@
(logclear! (-> self enemy-flags) (enemy-flag actor-pause-backup))
(metalmonk-method-180 self #f)
(nav-enemy-method-168 self)
(let ((v1-6 (-> self nav)))
(set! (-> v1-6 target-speed) (-> self enemy-info run-travel-speed))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-6 (-> self nav)))
(set! (-> v1-6 target-speed) (-> self enemy-info run-travel-speed))
))
0
(if (logtest? (-> self enemy-flags) (enemy-flag check-water))
(logior! (-> self focus-status) (focus-status dangerous))
goal_src/jak2/levels/common/enemy/spyder.gc
+5 -3
View File
@@ -1008,9 +1008,11 @@
)
:exit (behavior ()
(logclear! (-> self enemy-flags) (enemy-flag actor-pause-backup))
(let ((v1-2 (-> self nav)))
(set! (-> v1-2 max-rotation-rate) (-> *spyder-nav-enemy-info* maximum-rotation-rate))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-2 (-> self nav)))
(set! (-> v1-2 max-rotation-rate) (-> *spyder-nav-enemy-info* maximum-rotation-rate))
))
0
)
:trans (behavior ()
goal_src/jak2/levels/common/entities/spydroid.gc
+5 -3
View File
@@ -914,9 +914,11 @@
:exit (behavior ()
(logclear! (-> self enemy-flags) (enemy-flag actor-pause-backup))
(nav-enemy-method-168 self)
(let ((v1-4 (-> self nav)))
(set! (-> v1-4 target-speed) (-> self enemy-info run-travel-speed))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-4 (-> self nav)))
(set! (-> v1-4 target-speed) (-> self enemy-info run-travel-speed))
))
0
(if (logtest? (-> self enemy-flags) (enemy-flag check-water))
(logior! (-> self focus-status) (focus-status dangerous))
goal_src/jak2/levels/mountain/rhino.gc
+5 -3
View File
@@ -1282,9 +1282,11 @@
(set! (-> v1-1 speed) 0.0)
)
0
(let ((v1-3 (-> self nav)))
(set! (-> v1-3 target-speed) (-> self enemy-info walk-travel-speed))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-3 (-> self nav)))
(set! (-> v1-3 target-speed) (-> self enemy-info walk-travel-speed))
))
0
(set! (-> self in-stop-run) #f)
)
goal_src/jak2/levels/nest/mantis.gc
+5 -3
View File
@@ -748,9 +748,11 @@
)
:exit (behavior ()
(change-to (nav-mesh-from-res-tag (-> self entity) 'nav-mesh-actor 0) self)
(let ((v1-2 (-> self nav)))
(set! (-> v1-2 max-rotation-rate) (-> self enemy-info maximum-rotation-rate))
)
;; og:preserve-this fix potential use-after-free bug
(if (-> self nav)
(let ((v1-2 (-> self nav)))
(set! (-> v1-2 max-rotation-rate) (-> self enemy-info maximum-rotation-rate))
))
0
)
:trans (behavior ()