Classic Vuln

src/CMakeLists.txt

@@ -136,6 +136,11 @@ if(PNG_FOUND)
     list(APPEND EXTRA_LIBS PNG::PNG)
 endif()
 
+add_library(lib_common_dehacked ${SOURCE_FILES_WITH_DEH})
+target_compile_definitions(lib_common_dehacked PRIVATE ${DOOM_COMPILE_DEFINITIONS})
+target_include_directories(lib_common_dehacked PRIVATE ${GAME_INCLUDE_DIRS})
+target_link_libraries(lib_common_dehacked ${EXTRA_LIBS} SampleRate::samplerate)
+
 if(WIN32)
     add_executable("${PROGRAM_PREFIX}doom" WIN32 ${SOURCE_FILES_WITH_DEH} "${CMAKE_CURRENT_BINARY_DIR}/resource.rc")
 else()

test/CMakeLists.txt

@@ -1,10 +1,4 @@
 find_package(Catch2 REQUIRED)
 
-file(GLOB_RECURSE sources CONFIGURE_DEPENDS "*.cpp")
-
-add_executable(test_cpp_doom ${sources})
-target_link_libraries(test_cpp_doom Catch2::Catch2 lib_common_cpp_doom)
-target_compile_definitions(test_cpp_doom PUBLIC CATCH_CONFIG_CONSOLE_WIDTH=300)
-target_include_directories(test_cpp_doom PRIVATE ${CMAKE_SOURCE_DIR}/src)
-
-add_test(NAME test_cpp_doom COMMAND test_cpp_doom)
+add_subdirectory(cpp_doom)
+add_subdirectory(dehacked)

test/cpp_doom/CMakeLists.txt

@@ -0,0 +1,8 @@
+file(GLOB_RECURSE sources CONFIGURE_DEPENDS "*.cpp")
+
+add_executable(test_cpp_doom ${sources})
+target_link_libraries(test_cpp_doom Catch2::Catch2 lib_common_cpp_doom)
+target_compile_definitions(test_cpp_doom PUBLIC CATCH_CONFIG_CONSOLE_WIDTH=300)
+target_include_directories(test_cpp_doom PRIVATE ${CMAKE_SOURCE_DIR}/src)
+
+add_test(NAME test_cpp_doom COMMAND test_cpp_doom)

test/cpp_doom/test_z_native.cpp

@@ -0,0 +1,99 @@
+#include <catch2/catch.hpp>
+
+#include "z_zone.hpp"
+
+TEST_CASE("Z_Init", "[z_native]") {
+  Z_Init();
+//  REQUIRE(Z_ZoneSize() == 0x2000000);
+}
+
+#if 0
+
+TEST_CASE("Z_Malloc(PU_STATIC)", "[z_native]") {
+  void * ptr = Z_Malloc(10, PU_STATIC, nullptr);
+  REQUIRE(ptr != nullptr);
+}
+
+TEST_CASE("Z_Malloc(PU_LEVEL)", "[z_native]") {
+  void * ptr = Z_Malloc(10, PU_LEVEL, nullptr);
+  REQUIRE(ptr != nullptr);
+}
+
+TEST_CASE("Z_Malloc(PU_LEVSPEC)", "[z_native]") {
+  void * ptr = Z_Malloc(10, PU_LEVSPEC, nullptr);
+  REQUIRE(ptr != nullptr);
+}
+
+TEST_CASE("Z_Malloc(PU_LEVEL) and Z_Free", "[z_native]") {
+  void * ptr = Z_Malloc(10, PU_LEVEL, nullptr);
+  REQUIRE(ptr != nullptr);
+  Z_Free(ptr);
+}
+
+TEST_CASE("Z_Malloc(PU_LEVEL) and Z_Free and Z_Malloc(PU_LEVEL)", "[z_native]") {
+  void * ptr = Z_Malloc(10, PU_LEVEL, nullptr);
+  REQUIRE(ptr != nullptr);
+  Z_Free(ptr);
+  void * ptr2 = Z_Malloc(10, PU_LEVEL, nullptr);
+  REQUIRE(ptr2 != nullptr);
+  REQUIRE(ptr == ptr2);
+}
+
+#else
+
+struct memblock_t {
+  int          id; // = ZONEID
+  int          tag;
+  int          size;
+  void **      user;
+  memblock_t * prev;
+  memblock_t * next;
+};
+
+long * where;
+long   what;
+
+TEST_CASE("Z_ZOverwrite header", "[z_native]") {
+
+  void * guard = Z_Malloc(10, PU_LEVEL, nullptr);
+  REQUIRE(guard != nullptr);
+
+  void * ptr = Z_Malloc(10, PU_LEVEL, nullptr);
+  REQUIRE(ptr != nullptr);
+
+  void * guard2 = Z_Malloc(10, PU_LEVEL, nullptr);
+  REQUIRE(guard2 != nullptr);
+
+  // Corrupt header
+  where = nullptr;
+  what  = 0x42424242;
+
+  auto * byte_ptr = reinterpret_cast<uint8_t *>(ptr);
+  auto * header   = reinterpret_cast<memblock_t *>(byte_ptr - sizeof(memblock_t));
+  REQUIRE(header->tag == PU_LEVEL);
+  long * what_ptr   = &what;
+  long ** where_ptr = &where;
+
+  auto distance = reinterpret_cast<uint8_t*>(&(header->next)) - reinterpret_cast<uint8_t*>(header);
+  if constexpr (sizeof(void *) == 8)
+    REQUIRE(distance == 32);
+  else
+    REQUIRE(distance == 20);
+
+  uint8_t * byte_where_ptr = reinterpret_cast<uint8_t*>(where_ptr);
+  uint8_t * adjusted_byte_where_ptr = byte_where_ptr - distance;
+
+  header->prev      = reinterpret_cast<memblock_t *>(adjusted_byte_where_ptr);
+  header->next      = reinterpret_cast<memblock_t *>(what_ptr);
+  // Corruption done
+
+  // Verify state
+  REQUIRE(where == nullptr);
+
+  Z_Free(ptr);
+
+  // Check if successful
+  REQUIRE(where != nullptr);
+  REQUIRE(*where == 0x42424242);
+}
+#endif

test/dehacked/CMakeLists.txt

@@ -0,0 +1,8 @@
+file(GLOB_RECURSE sources CONFIGURE_DEPENDS "*.cpp")
+
+add_executable(test_dehacked ${sources})
+target_link_libraries(test_dehacked Catch2::Catch2 lib_common_dehacked)
+target_compile_definitions(test_dehacked PUBLIC CATCH_CONFIG_CONSOLE_WIDTH=300)
+target_include_directories(test_dehacked PRIVATE ${CMAKE_SOURCE_DIR}/src)
+
+add_test(NAME test_dehacked COMMAND test_dehacked)

test/dehacked/test_z_zone.cpp

@@ -0,0 +1,38 @@
+#include <catch2/catch.hpp>
+
+#include "z_zone.hpp"
+
+TEST_CASE("Z_Init", "[z_zone]") {
+  Z_Init();
+  REQUIRE(Z_ZoneSize() == 0x2000000);
+}
+
+TEST_CASE("Z_Malloc(PU_STATIC)", "[z_zone]") {
+  void * ptr = Z_Malloc(10, PU_STATIC, nullptr);
+  REQUIRE(ptr != nullptr);
+}
+
+TEST_CASE("Z_Malloc(PU_LEVEL)", "[z_zone]") {
+  void * ptr = Z_Malloc(10, PU_LEVEL, nullptr);
+  REQUIRE(ptr != nullptr);
+}
+
+TEST_CASE("Z_Malloc(PU_LEVSPEC)", "[z_zone]") {
+  void * ptr = Z_Malloc(10, PU_LEVSPEC, nullptr);
+  REQUIRE(ptr != nullptr);
+}
+
+TEST_CASE("Z_Malloc(PU_LEVEL) and Z_Free", "[z_zone]") {
+  void * ptr = Z_Malloc(10, PU_LEVEL, nullptr);
+  REQUIRE(ptr != nullptr);
+  Z_Free(ptr);
+}
+
+TEST_CASE("Z_Malloc(PU_LEVEL) and Z_Free and Z_Malloc(PU_LEVEL)", "[z_zone]") {
+  void * ptr = Z_Malloc(10, PU_LEVEL, nullptr);
+  REQUIRE(ptr != nullptr);
+  Z_Free(ptr);
+  void * ptr2 = Z_Malloc(10, PU_LEVEL, nullptr);
+  REQUIRE(ptr2 != nullptr);
+  REQUIRE(ptr == ptr2);
+}

test/dehacked/tests.cpp

@@ -0,0 +1,2 @@
+#define CATCH_CONFIG_MAIN
+#include <catch2/catch.hpp>