Leahnaya/Poke_Transporter_GB
1
0
Fork 0
mirror of https://github.com/GearsProgress/Poke_Transporter_GB.git synced 2026-03-21 17:34:42 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity
eef173b0d2
Poke_Transporter_GB/source/flash_mem.cpp
Philippe Symons eef173b0d2 Fix crash + unrelated buffer overflow + some optimizations 
There was a crash happening with ptgb::vector when you'd press A on the CONFIRM button of the box screen. It only occurred on actual gba hardware and
was a real heisenbug: as soon as you'd add code to display logs on screen, the problem would disappear. So it was very difficult to figure this one
out. We're not even entirely sure why, but it looks like the malloc/realloc/free use in ptgb::vector would cause issues.

Maybe it was alignment, but after messing with the code we also saw a warning appear in the terminal telling us that realloc wouldn't properly
deal with non-POD types. It complained about this very thing while referring to the add_track() function, which stores ptgb::vectors inside another
ptgb::vector. We also didn't have a custom copy constructor yet to actually copy the buffer instead of its pointer.
All of these could potentially have led to the crash. But debugging during the link cable flow was difficult, so we were never able to confirm it in
a debugger, log or dump.

Because I suspected the high IWRAM consumption (especially now with ZX0 decompression) for a while, I also did an optimization in mystery_gift_builder
to pass global_memory_buffer as its section_30_data buffer instead. This reduces IWRAM consumption by 4 KB.

There was another problem I discovered during my crash hunt: the out_array (now payload_buffer) was allocated as a 672 byte array, but the payloads
were actually 707 bytes. Therefore writing this to the buffer caused a buffer overflow, thereby corrupting the global variables appearing after it in
IWRAM. It turned out eventually that none of these variables were really critical, but it could explain some minor bugs GearsProgress has seen.

I also did a few performance optimizations:

- At various stages in the code, for loops were used to copy data from one buffer into another byte-by-byte. This was far from optimal because the gba
cpu can load/copy 4 bytes at a time if you ask it to. So I replaced those with memcpy(), which is a hand-optimized assembly function to copy data
using this principle.

- generate_payload was being called twice: once at start_link and once at continue_link, giving the exact same result, even though it was already
being stored in a global buffer allocated in IWRAM. This was also a fairly heavy function. So I optimized the code to only initialize it once in
the script chain and then just retrieve the buffer.

- generate_payload was constructing the eventual payload twice even within the same call. That's because it first merged z80_rng_seed, z80_payload
and z80_patchlist into a full_data ptgb::vector, after which it then copied the data again to out_array (now called payload_buffer). I eliminated the
full_data vector now.
2025-06-18 10:23:03 +02:00

186 lines
5.8 KiB
C++
Raw Blame History

#include <tonc.h>
#include "libstd_replacements.h"
#include "flash_mem.h"
#include "pokemon.h"
#include "pokemon_data.h"
#include "rom_data.h"
#include "libraries/Pokemon-Gen3-to-Gen-X/include/save.h"
#include "text_engine.h"
#define pkmn_length 80
#define READ_SAVE_SECTIONS 5
#define TOTAL_SAVE_SECTIONS 14
vu32 newest_save_offset = SAVE_A_OFFSET;
vu32 memory_section_array[READ_SAVE_SECTIONS] = {};
u8 global_memory_buffer[0x1000];
char mem_name = 'A';
u8 mem_id;
// Fills the variables with the current offset information
void initalize_memory_locations()
{
u8 save_A_index[4];
u8 save_B_index[4];
copy_save_to_ram(SAVE_A_OFFSET + SAVE_INDEX_OFFSET, &save_A_index[0], 0x04);
copy_save_to_ram(SAVE_B_OFFSET + SAVE_INDEX_OFFSET, &save_B_index[0], 0x04);
reverse_endian(&save_A_index[0], 0x04);
reverse_endian(&save_B_index[0], 0x04);
// Determines if save A or B is more recent
if (*(vu32 *)save_B_index > *(vu32 *)save_A_index)
{
newest_save_offset = SAVE_B_OFFSET;
mem_name = 'B';
}
// Populates the memory_section_array with the correct pointer locations
copy_save_to_ram(newest_save_offset + SECTION_ID_OFFSET, &mem_id, 1);
for (int i = 0; i < TOTAL_SAVE_SECTIONS; i++)
{
if (mem_id < READ_SAVE_SECTIONS)
{
memory_section_array[mem_id] = newest_save_offset + (i * 0x1000);
}
mem_id = (mem_id + 1) % TOTAL_SAVE_SECTIONS;
}
// Bring the Memory ID back to the first one
mem_id = (mem_id + 1) % TOTAL_SAVE_SECTIONS;
if (false) // This will print out a section of the FLASH mem for debugging purposes
{
int mem_start = 0xF80;
int mem_section = 1;
copy_save_to_ram(memory_section_array[mem_section], &global_memory_buffer[0], 0x1000);
tte_set_pos(8, 0);
tte_write("loc: ");
tte_write(ptgb::to_string(static_cast<unsigned>(memory_section_array[mem_section] + mem_start)));
tte_write("\n");
for (int i = mem_start; i < (128 + mem_start); i++)
{
if (i % 2 == 0)
{
tte_write("#{cx:0xE000}");
}
else
{
tte_write("#{cx:0xD000}");
}
tte_write(ptgb::to_string(global_memory_buffer[i]));
if (i % 8 == 7)
{
tte_write("\n");
}
else
{
if (global_memory_buffer[i] < 10)
{
tte_write(" ");
}
else if (global_memory_buffer[i] < 100)
{
tte_write(" ");
}
else
{
tte_write("");
}
}
}
while (true)
{
};
}
}
void print_mem_section()
{
return; // This function isn't really needed now
uint16_t charset[256];
byte out[4] = {0, 0, 0, 0xFF};
load_localized_charset(charset, 3, ENG_ID);
out[0] = get_char_from_charset(charset, mem_name);
out[1] = get_char_from_charset(charset, '-');
out[2] = get_char_from_charset(charset, mem_id + 0xA1); // Kinda a dumb way to
tte_set_pos(0, 0);
ptgb_write(out, true);
}
// Reverses the endian of the given array
void reverse_endian(u8 *data, size_t size)
{
u8 temp;
for (unsigned int i = 0; i < (size / 2); i++)
{
temp = data[i];
data[i] = data[(size - 1) - i];
data[(size - 1) - i] = temp;
}
}
void update_memory_buffer_checksum(bool hall_of_fame)
{
vu32 checksum = 0x00;
vu32 num_of_bytes = 3968;
if (global_memory_buffer[0x0FF4] == 13)
{
num_of_bytes = 2000;
}
for (unsigned int i = 0; i < num_of_bytes / 4; i++)
{
checksum += (global_memory_buffer[(4 * i) + 3] << 24) |
(global_memory_buffer[(4 * i) + 2] << 16) |
(global_memory_buffer[(4 * i) + 1] << 8) |
(global_memory_buffer[(4 * i) + 0] << 0);
}
vu16 small_checksum = ((checksum & 0xFFFF0000) >> 16) + (checksum & 0x0000FFFF);
if (hall_of_fame)
{
global_memory_buffer[0x0FF4] = small_checksum & 0x00FF;
global_memory_buffer[0x0FF5] = (small_checksum & 0xFF00) >> 8;
}
else
{
global_memory_buffer[0x0FF6] = small_checksum & 0x00FF;
global_memory_buffer[0x0FF7] = (small_checksum & 0xFF00) >> 8;
}
}
bool read_flag(u16 flag_id)
{
if (false)
{
tte_set_pos(0, 0);
tte_write("#{cx:0xD000}Attempting to read byte ");
tte_write(ptgb::to_string((curr_rom.offset_flags + (flag_id / 8)) % 0xF80));
tte_write(" of memory section ");
tte_write(ptgb::to_string(1 + ((curr_rom.offset_flags + (flag_id / 8)) / 0xF80)));
tte_write(" for flag ");
tte_write(ptgb::to_string(flag_id));
tte_write(". Flag is ");
copy_save_to_ram(memory_section_array[1 + ((curr_rom.offset_flags + (flag_id / 8)) / 0xF80)], &global_memory_buffer[0], 0x1000);
u8 flags = global_memory_buffer[(curr_rom.offset_flags + (flag_id / 8)) % 0xF80];
tte_write(ptgb::to_string((flags >> (flag_id % 8)) & 0b1));
while (true)
{
};
}
copy_save_to_ram(memory_section_array[1 + ((curr_rom.offset_flags + (flag_id / 8)) / 0xF80)], &global_memory_buffer[0], 0x1000);
u8 flags = global_memory_buffer[(curr_rom.offset_flags + (flag_id / 8)) % 0xF80];
return (flags >> (flag_id % 8)) & 0b1;
}
bool compare_map_and_npc_data(int map_bank, int map_id, int npc_id)
{
copy_save_to_ram(memory_section_array[4], &global_memory_buffer[0], 0x1000);
return (global_memory_buffer[curr_rom.offset_script + 5] == map_bank &&
global_memory_buffer[curr_rom.offset_script + 6] == map_id &&
global_memory_buffer[curr_rom.offset_script + 7] == npc_id);
}
Reference in New Issue View Git Blame Copy Permalink