From 95495d221fb8c34b9903c7fa03870c2834bf5b2c Mon Sep 17 00:00:00 2001 From: mzxrules Date: Tue, 17 Feb 2026 04:31:54 -0500 Subject: [PATCH] Document SysCfb_GetFbPtr bug (#2586) * Document SysCfb_GetFbPtr bug * cleaner comment * fixes * change wording again --- src/code/graph.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/code/graph.c b/src/code/graph.c index 56fc7af60c..c6b5f3cb61 100644 --- a/src/code/graph.c +++ b/src/code/graph.c @@ -141,6 +141,13 @@ void Graph_InitTHGA(GraphicsContext* gfxCtx) { gfxCtx->overlayBuffer = pool->overlayBuffer; gfxCtx->workBuffer = pool->workBuffer; + //! @bug fbIdx is a signed integer that can overflow into the negatives. When compiled with a C99+ compiler or IDO, + //! the remainder operator will yield -1 for odd negative values of fbIdx. + //! This causes SysCfb_GetFbPtr to read beyond the bounds of an array when retrieving the framebuffer pointer, which + //! will likely crash the game. + //! + //! This isn't an issue in practice. In the worst case scenario with the game operating at a consistent 60 FPS, + //! it would take approximately 414.25 days of continuous operation for fbIdx to overflow. gfxCtx->curFrameBuffer = SysCfb_GetFbPtr(gfxCtx->fbIdx % 2); gfxCtx->unk_014 = 0; }