Merge pull request #32 from MikeIsAStar/prevent-a-buffer-overflow

[MKW] Prevent a buffer overflow caused by a malicious 'EVENT' packet
WiiLink24 · Jan 12, 2024 · e68c1fc · e68c1fc
2 parents fe2624b + 71c6ddd
commit e68c1fc
Show file tree

Hide file tree

Showing 9 changed files with 303 additions and 198 deletions.
diff --git a/payload/import/eggVector.hpp b/payload/import/eggVector.hpp
@@ -13,9 +13,11 @@ struct Vector3f {
     {
     }
 
-    f32 x;
-    f32 y;
-    f32 z;
+    /* 0x00 */ f32 x;
+    /* 0x04 */ f32 y;
+    /* 0x08 */ f32 z;
 };
 
+static_assert(sizeof(Vector3f) == 0x0C);
+
 } // namespace EGG
diff --git a/payload/import/mkwItem.hpp b/payload/import/mkwItem.hpp
@@ -6,6 +6,48 @@
 namespace mkw::Item
 {
 
+enum class ItemBox {
+    GreenShell = 0x00,
+    RedShell = 0x01,
+    Banana = 0x02,
+    FakeItemBox = 0x03,
+    Mushroom = 0x04,
+    TripleMushrooms = 0x05,
+    Bob_omb = 0x06,
+    BlueShell = 0x07,
+    Lightning = 0x08,
+    Star = 0x09,
+    GoldenMushroom = 0x0A,
+    MegaMushroom = 0x0B,
+    Blooper = 0x0C,
+    POWBlock = 0x0D,
+    ThunderCloud = 0x0E,
+    BulletBill = 0x0F,
+    TripleGreenShells = 0x10,
+    TripleRedShells = 0x11,
+    TripleBananas = 0x12,
+    NoItem = 0x14,
+};
+
+enum class ItemObject {
+    GreenShell = 0x00,
+    RedShell = 0x01,
+    Banana = 0x02,
+    Mushroom = 0x03,
+    Star = 0x04,
+    BlueShell = 0x05,
+    Lightning = 0x06,
+    FakeItemBox = 0x07,
+    MegaMushroom = 0x08,
+    Bob_omb = 0x09,
+    Blooper = 0x0A,
+    POWBlock = 0x0B,
+    GoldenMushroom = 0x0C,
+    BulletBill = 0x0D,
+    ThunderCloud = 0x0E,
+    NoObject = 0x10,
+};
+
 struct ItemBehaviourEntry {
     /* 0x00 */ u8 _00[0x18 - 0x00];
     /* 0x18 */ void (*useFunction)(void* kartItem);
@@ -17,4 +59,106 @@ extern ItemBehaviourEntry itemBehaviourTable[0x13] AT(
     RMCXD_PORT(0x809C36A0, 0x809BEE98, 0x809C2700, 0x809B1CE0)
 );
 
+static bool CanTrailItem(ItemBox item)
+{
+    u8 trailedItem = static_cast<u8>(item);
+
+    return !itemBehaviourTable[trailedItem].useFunction;
+}
+
+static bool IsHeldItemValidVS(ItemBox item)
+{
+    switch (item) {
+    case ItemBox::GreenShell... ItemBox::TripleBananas:
+    case ItemBox::NoItem: {
+        return true;
+    }
+    default: {
+        return false;
+    }
+    }
+}
+
+static bool IsTrailedItemValidVS(ItemBox item)
+{
+    if (item == ItemBox::NoItem) {
+        return true;
+    }
+
+    if (!IsHeldItemValidVS(item)) {
+        return false;
+    }
+
+    return CanTrailItem(item);
+}
+
+static bool IsHeldItemValidBB(ItemBox item)
+{
+    switch (item) {
+    case ItemBox::GreenShell... ItemBox::Star:
+    case ItemBox::MegaMushroom... ItemBox::Blooper:
+    case ItemBox::TripleGreenShells... ItemBox::TripleBananas:
+    case ItemBox::NoItem: {
+        return true;
+    }
+    default: {
+        return false;
+    }
+    }
+}
+
+static bool IsTrailedItemValidBB(ItemBox item)
+{
+    if (item == ItemBox::NoItem) {
+        return true;
+    }
+
+    if (!IsHeldItemValidBB(item)) {
+        return false;
+    }
+
+    return CanTrailItem(item);
+}
+
+static bool IsHeldItemValidCR(ItemBox item)
+{
+    switch (item) {
+    case ItemBox::GreenShell... ItemBox::BlueShell:
+    case ItemBox::Star... ItemBox::POWBlock:
+    case ItemBox::TripleGreenShells... ItemBox::TripleBananas:
+    case ItemBox::NoItem: {
+        return true;
+    }
+    default: {
+        return false;
+    }
+    }
+}
+
+static bool IsTrailedItemValidCR(ItemBox item)
+{
+    if (item == ItemBox::NoItem) {
+        return true;
+    }
+
+    if (!IsHeldItemValidCR(item)) {
+        return false;
+    }
+
+    return CanTrailItem(item);
+}
+
+static bool IsItemObjectValid(ItemObject itemObject)
+{
+    switch (itemObject) {
+    case ItemObject::GreenShell... ItemObject::ThunderCloud:
+    case ItemObject::NoObject: {
+        return true;
+    }
+    default: {
+        return false;
+    }
+    }
+}
+
 } // namespace mkw::Item