DizzyEggg / pokeemerald

disassembly of Pokémon Emerald

OOB write to gBattleResults.catchAttempts? #491

Closed mrgriffin closed 2 years ago

mrgriffin commented 4 years ago

BattleResults defines u8 catchAttempts[11];, but battle_script_commands.c does this:

gBattleResults.catchAttempts[gLastUsedItem - ITEM_ULTRA_BALL]++;

Which probably reads & writes out of bounds now that there are more balls? I think the fix is u8 catchAttempts[LAST_BALL - ITEM_ULTRA_BALL + 1];?

mrgriffin commented 4 years ago

Also, caughtMonBall:4 in the same structure must be losing information for balls > 15.
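Added example (not code from pokeemerald or from the reporter) covering both points above: the `gLastUsedItem - ITEM_ULTRA_BALL` index against an `11`-entry array versus the proposed `LAST_BALL - ITEM_ULTRA_BALL + 1` size, and the silent truncation of a ball ID in a 4-bit `caughtMonBall` field. The item IDs, the `LAST_BALL` value and the two struct shapes are constructed assumptions so the program runs stand-alone; the checked increment refuses out-of-range indices instead of performing the write.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint8_t u8;
typedef uint16_t u16;

/* Constructed item IDs for this example only (assumption: not the repository's
 * item table). The counted balls are a contiguous run starting at ITEM_ULTRA_BALL,
 * which is why the game can index a per-ball counter with item - ITEM_ULTRA_BALL. */
enum {
    ITEM_ULTRA_BALL   = 2,
    ITEM_GREAT_BALL   = 3,
    ITEM_POKE_BALL    = 4,
    ITEM_PREMIER_BALL = 12,   /* last of the 11 balls the original array covers */
    ITEM_NEW_BALL_A   = 13,   /* constructed "expanded" balls */
    ITEM_NEW_BALL_B   = 17,   /* an ID >= 16 that no longer fits in 4 bits */
    LAST_BALL         = ITEM_NEW_BALL_B,
};

#define ORIG_CATCH_SLOTS 11                           /* u8 catchAttempts[11]; */
#define NUM_BALLS (LAST_BALL - ITEM_ULTRA_BALL + 1)   /* the size proposed in the issue */

/* Original shape of the two fields under discussion. */
struct BattleResultsOld {
    u8 catchAttempts[ORIG_CATCH_SLOTS];
    u8 caughtMonBall:4;
};

/* Shape after the proposed fix: array sized from the ball ID range, ball field widened. */
struct BattleResultsFixed {
    u8 catchAttempts[NUM_BALLS];
    u8 caughtMonBall;
};

/* The index the game computes: gLastUsedItem - ITEM_ULTRA_BALL. */
static int catch_slot(u16 item) { return (int)item - ITEM_ULTRA_BALL; }

/* Checked form of  gBattleResults.catchAttempts[gLastUsedItem - ITEM_ULTRA_BALL]++;
 * Returns false and writes nothing when the item maps outside the array. */
static bool record_catch_attempt(u8 *attempts, size_t slots, u16 item) {
    int slot = catch_slot(item);
    if (slot < 0 || (size_t)slot >= slots)
        return false;
    if (attempts[slot] < 0xFF)     /* u8 counter: saturate instead of wrapping */
        attempts[slot]++;
    return true;
}

/* Run one attempt against a zeroed array of `slots` counters and return the
 * resulting count, or -1 if the write was rejected as out of bounds. */
static int attempt_and_read(size_t slots, u16 item) {
    u8 attempts[NUM_BALLS] = {0};   /* sized for the larger layout */
    if (slots > NUM_BALLS || !record_catch_attempt(attempts, slots, item))
        return -1;
    return attempts[catch_slot(item)];
}

/* caughtMonBall:4 is an unsigned bit-field, so the stored value is the ball ID
 * reduced modulo 16: well-defined, and silent. */
static u8 store_in_4bit_field(u16 ball) {
    struct BattleResultsOld r = {{0}, 0};
    r.caughtMonBall = (u8)ball;
    return r.caughtMonBall;
}

/* The widened field keeps the full ID. */
static u8 store_in_8bit_field(u16 ball) {
    struct BattleResultsFixed r = {{0}, 0};
    r.caughtMonBall = (u8)ball;
    return r.caughtMonBall;
}

int main(void) {
    printf("%-6s %-10s %-10s %-6s %-6s\n", "item", "old[11]", "fixed", ":4", "u8");
    for (u16 item = ITEM_ULTRA_BALL; item <= LAST_BALL; item++) {
        printf("%-6u %-10d %-10d %-6u %-6u\n", item,
               attempt_and_read(ORIG_CATCH_SLOTS, item),
               attempt_and_read(NUM_BALLS, item),
               store_in_4bit_field(item), store_in_8bit_field(item));
    }
    return 0;
}
```

The table the program prints shows `-1` for every constructed ball from ID 13 upward under the 11-slot layout (the index the game would use lands past the array), `1` for all of them under the `NUM_BALLS` layout, and a `:4` column that wraps back to 0 and 1 for IDs 16 and 17 while the `u8` column keeps them intact.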