Fix some Address Sanitizer errors (#384)

dethrace-labs · web-flow · commit ca1098ad91a0 · 2024-07-10T06:08:35.000+12:00
* fix some invalid memory accesses
diff --git a/src/DETHRACE/CMakeLists.txt b/src/DETHRACE/CMakeLists.txt
@@ -10,12 +10,13 @@ target_include_directories(dethrace_obj
         pd
 )
 
-# add_compile_options(-fsanitize=address)
-# add_link_options(-fsanitize=address)
+if (DETHRACE_ASAN)
+    target_compile_options(dethrace_obj PUBLIC -fsanitize=address)
+    target_link_options(dethrace_obj PUBLIC -fsanitize=address)
+endif()
 
 target_link_libraries(dethrace_obj PUBLIC SDL2::SDL2 smackw32 harness BRender::Full BRender::DDI s3)
 
-
 if(MSVC)
     target_compile_definitions(dethrace_obj PRIVATE -D_CRT_SECURE_NO_WARNINGS)
     target_compile_options(dethrace_obj PRIVATE
diff --git a/src/DETHRACE/common/car.c b/src/DETHRACE/common/car.c
@@ -2769,13 +2769,10 @@ int CollCheck(tCollision_info* c, br_scalar dt) {
     br_matrix34 message_mat;
     LOG_TRACE("(%p, %f)", c, dt);
 
-    tCar_spec* car_spec; // added for readability
-
     // v34 = 0;
     // v35 = 0;
     // v36 = 0x3F800000;
     // v48 = 0x3F800347;
-    car_spec = (tCar_spec*)c;
     mat = &c->car_master_actor->t.t.mat;
     oldmat = &c->oldmat;
     k = 0;
@@ -3040,7 +3037,7 @@ int CollCheck(tCollision_info* c, br_scalar dt) {
                     BrVector3Set(&normal_force, 0.f, 0.f, 0.f);
                     BrVector3Set(&c->omega, 0.f, 0.f, 0.f);
                     BrVector3Set(&c->oldomega, 0.f, 0.f, 0.f);
-                    if (c->driver <= eDriver_non_car || car_spec->max_force_rear == 0.0f) {
+                    if (c->driver <= eDriver_non_car || CAR(c)->max_force_rear == 0.0f) {
                         if (c->driver <= eDriver_non_car) {
                             PipeSingleNonCar(c);
                         }
@@ -3060,17 +3057,23 @@ int CollCheck(tCollision_info* c, br_scalar dt) {
             }
             BrVector3Accumulate(&c->v, &norm);
             if (c->driver >= eDriver_net_human) {
-                BrVector3Scale(&normal_force, &normal_force, gDefensive_powerup_factor[car_spec->power_up_levels[0]]);
+                BrVector3Scale(&normal_force, &normal_force, gDefensive_powerup_factor[CAR(c)->power_up_levels[0]]);
             }
             if (c->driver < eDriver_net_human) {
                 BrVector3Scale(&normal_force, &normal_force, 0.01f);
             } else {
                 BrVector3Scale(&normal_force, &normal_force, 0.75f);
             }
-            if (CAR(c)->invulnerable
-                || (c->driver < eDriver_net_human && (c->driver != eDriver_oppo || PointOutOfSight(&c->pos, 150.0f)))
-                || ((v_diff = (car_spec->pre_car_col_velocity.v[1] - c->v.v[1]) * gDefensive_powerup_factor[car_spec->power_up_levels[0]]) >= -20.0f)
-                || CAR(c)->number_of_wheels_on_ground >= 3) {
+            if (
+#if defined(DETHRACE_FIX_BUGS)
+                // `c` is only a `tCar_spec*` if the driver is an opponent or human, otherwise, it will be a `tNon_car_spec*`. The following code
+                // assumes `c` is a `tCar_spec*`, causing invalid memory accesses
+                c->driver >= eDriver_oppo &&
+#endif
+                (CAR(c)->invulnerable
+                    || (c->driver < eDriver_net_human && (c->driver != eDriver_oppo || PointOutOfSight(&c->pos, 150.0f)))
+                    || ((v_diff = (CAR(c)->pre_car_col_velocity.v[1] - c->v.v[1]) * gDefensive_powerup_factor[CAR(c)->power_up_levels[0]]) >= -20.0f)
+                    || CAR(c)->number_of_wheels_on_ground >= 3)) {
                 CrushAndDamageCar(CAR(c), &dir, &normal_force, NULL);
             } else {
                 // Cops Special Forces is always stolen if destroyed!
@@ -3079,12 +3082,19 @@ int CollCheck(tCollision_info* c, br_scalar dt) {
                     StealCar(CAR(c));
                     v_diff = v_diff * 5.0f;
                 }
-                for (i = 0; i < CAR(c)->car_actor_count; i++) {
-                    ts2 = (v_diff + 20.0f) * -0.01f;
-                    TotallySpamTheModel(CAR(c), i, CAR(c)->car_model_actors[i].actor, &CAR(c)->car_model_actors[i].crush_data, ts2);
-                }
-                for (i = 0; i < COUNT_OF(CAR(c)->damage_units); i++) {
-                    DamageUnit(CAR(c), i, IRandomPosNeg(5) + (v_diff + 20.0f) * -1.5f);
+#if defined(DETHRACE_FIX_BUGS)
+                // `c` is only a `tCar_spec*` if the driver is an opponent or human, otherwise, it will be a `tNon_car_spec*`. The following code
+                // assumes `c` is a `tCar_spec*`, causing invalid memory accesses
+                if (c->driver >= eDriver_oppo)
+#endif
+                {
+                    for (i = 0; i < CAR(c)->car_actor_count; i++) {
+                        ts2 = (v_diff + 20.0f) * -0.01f;
+                        TotallySpamTheModel(CAR(c), i, CAR(c)->car_model_actors[i].actor, &CAR(c)->car_model_actors[i].crush_data, ts2);
+                    }
+                    for (i = 0; i < COUNT_OF(CAR(c)->damage_units); i++) {
+                        DamageUnit(CAR(c), i, IRandomPosNeg(5) + (v_diff + 20.0f) * -1.5f);
+                    }
                 }
             }
             if (!noise_defeat) {
@@ -3094,7 +3104,7 @@ int CollCheck(tCollision_info* c, br_scalar dt) {
             BrVector3InvScale(&tv, &tv, WORLD_SCALE);
             BrMatrix34ApplyV(&bb, &tv, &c->car_master_actor->t.t.mat);
             BrMatrix34ApplyV(&norm, &p_vel, &c->car_master_actor->t.t.mat);
-            CreateSparks(&pos, &bb, &norm, gCurrent_race.material_modifiers[gMaterial_index].sparkiness, car_spec);
+            CreateSparks(&pos, &bb, &norm, gCurrent_race.material_modifiers[gMaterial_index].sparkiness, CAR(c));
         }
         return k;
     } else {
diff --git a/src/DETHRACE/common/spark.c b/src/DETHRACE/common/spark.c
@@ -2491,6 +2491,13 @@ void MungeSplash(tU32 pTime) {
     if (!gAction_replay_mode || GetReplayRate() == 0.0) {
         if (!gAction_replay_mode) {
             for (i = 0; i < gNum_cars_and_non_cars; i++) {
+#if defined(DETHRACE_FIX_BUGS)
+                // CreateSpash assumes a `tCar_spec*` argument. In the case a non-car is pushed into the water, a `tNon_car_spec*` is passed,
+                // causing invalid memory accesses
+                if (gActive_car_list[i]->driver < eDriver_oppo) {
+                    continue;
+                }
+#endif
                 if (gActive_car_list[i]->water_d != 10000.0 && gActive_car_list[i]->driver != eDriver_local_human) {
                     CreateSplash(gActive_car_list[i], pTime);
                 }
@@ -2516,7 +2523,7 @@ void MungeSplash(tU32 pTime) {
             }
         }
         if (gProgram_state.current_car.water_d != 10000.0) {
-            CreateSplash(&gProgram_state.current_car, 0x64u);
+            CreateSplash(&gProgram_state.current_car, 100);
         }
     }
     if (!gSplash_flags) {

Original file line number	Diff line number	Diff line change
`@@ -2491,6 +2491,13 @@ void MungeSplash(tU32 pTime) {`
`2491`	`2491`	`if (!gAction_replay_mode \|\| GetReplayRate() == 0.0) {`
`2492`	`2492`	`if (!gAction_replay_mode) {`
`2493`	`2493`	`for (i = 0; i < gNum_cars_and_non_cars; i++) {`
	`2494`	`+#if defined(DETHRACE_FIX_BUGS)`
	`2495`	+ // CreateSpash assumes a `tCar_spec` argument. In the case a non-car is pushed into the water, a `tNon_car_spec` is passed,
	`2496`	`+ // causing invalid memory accesses`
	`2497`	`+ if (gActive_car_list[i]->driver < eDriver_oppo) {`
	`2498`	`+ continue;`
	`2499`	`+ }`
	`2500`	`+#endif`
`2494`	`2501`	`if (gActive_car_list[i]->water_d != 10000.0 && gActive_car_list[i]->driver != eDriver_local_human) {`
`2495`	`2502`	`CreateSplash(gActive_car_list[i], pTime);`
`2496`	`2503`	`}`
`@@ -2516,7 +2523,7 @@ void MungeSplash(tU32 pTime) {`
`2516`	`2523`	`}`
`2517`	`2524`	`}`
`2518`	`2525`	`if (gProgram_state.current_car.water_d != 10000.0) {`
`2519`		`- CreateSplash(&gProgram_state.current_car, 0x64u);`
	`2526`	`+ CreateSplash(&gProgram_state.current_car, 100);`
`2520`	`2527`	`}`
`2521`	`2528`	`}`
`2522`	`2529`	`if (!gSplash_flags) {`