
Functions::ZDynamicObject_ToString not escaping quoted values

Open Deji69 opened this issue 2 years ago • 2 comments

DECLARE_PLUGIN_DETOUR(Stealthometer, void, ZAchievementManagerSimple_OnEventSent, ZAchievementManagerSimple* th, uint32_t eventId, const ZDynamicObject& event)
{
	ZString s_EventData;
	Functions::ZDynamicObject_ToString->Call(const_cast<ZDynamicObject*>(&event), &s_EventData);

	Logger::Debug("Achievement Event Sent: {} - {}", eventId, s_EventData);

	// Throws here when s_EventData contains an unescaped quote or control character
	auto s_JsonEvent = nlohmann::json::parse(s_EventData.c_str(), s_EventData.c_str() + s_EventData.size());
	// ...
}

This code will crash in the event that an event value has quotes, due to those quotes not being double escaped. For example, on killing or KOing Marv "Slick" Gonif in Holiday Hoarders.

Deji69 avatar Apr 02 '23 23:04 Deji69

This also crashes when placing the "Bubble Queen" gum pack into the world (when AdvancedRating is enabled) in any form: dropping, throwing, placing, or retrieving from a briefcase.

Simply having it in your inventory does not cause a crash.

FlamingLily avatar Apr 04 '23 09:04 FlamingLily

This extends to newline characters in values too...


This consistently causes an exception when shooting the falling object sign of the Shisha Café in Marrakesh. The JSON parser expects the newline character to be escaped.

0x00007ffdca8fd140 "invalid string: control character U+000A (LF) must be escaped to \\u000A or \\n"

This one feels a little more like an issue with lack of fault tolerance options in nlohmann's parser to be honest. Well, technically the issue is the game not creating valid JSON. For this particular issue I guess it should be possible to 'fix' the string before passing it through by just removing the newline or escaping it, since they almost never seem to occur in other situations.

Deji69 avatar Apr 08 '23 15:04 Deji69
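The two failure modes in this thread (raw quotes and raw newlines inside string values) are both violations of JSON's string grammar, which requires `"`, `\` and every control character below U+0020 to be escaped. The following is an added example, not ZHMModSDK code: `jsonEscape` is the escaping a serializer such as `ZDynamicObject_ToString` would need to apply to each value, and `hasRawControlInString` is a cheap pre-check a plugin could run on the serialized text so it can skip the event instead of letting `nlohmann::json::parse` throw. Both function names are hypothetical.

```cpp
#include <cstdio>
#include <string>

// RFC 8259 string escaping: '"' and '\\' get a backslash, control characters
// (U+0000..U+001F) use the short escapes where one exists, otherwise \u00XX.
// Bytes >= 0x20 (including multi-byte UTF-8) pass through unchanged.
std::string jsonEscape(const std::string& value) {
    std::string out;
    out.reserve(value.size() + 2);
    out += '"';
    for (unsigned char c : value) {
        switch (c) {
            case '"':  out += "\\\""; break;
            case '\\': out += "\\\\"; break;
            case '\n': out += "\\n";  break;
            case '\r': out += "\\r";  break;
            case '\t': out += "\\t";  break;
            case '\b': out += "\\b";  break;
            case '\f': out += "\\f";  break;
            default:
                if (c < 0x20) {
                    char buf[7];
                    std::snprintf(buf, sizeof buf, "\\u%04X", static_cast<unsigned>(c));
                    out += buf;
                } else {
                    out += static_cast<char>(c);
                }
        }
    }
    out += '"';
    return out;
}

// True if a raw control character appears inside a string literal, which is
// exactly the condition behind "control character U+000A (LF) must be escaped".
// Whitespace between tokens is legal JSON and is not flagged.
bool hasRawControlInString(const std::string& json) {
    bool inString = false;
    for (size_t i = 0; i < json.size(); ++i) {
        unsigned char c = json[i];
        if (inString) {
            if (c == '\\') { ++i; continue; }        // skip the escaped character
            if (c == '"') { inString = false; continue; }
            if (c < 0x20) return true;
        } else if (c == '"') {
            inString = true;
        }
    }
    return false;
}
```

The check is a heuristic: if the serializer has also left a quote unescaped, string boundaries are already ambiguous, so the safest plugin-side mitigation remains wrapping the parse in a try/catch and dropping the event.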