JonKazama-Hellion/HellionChat
1
0
Fork 0
Code Issues Pull Requests Actions Releases 28 Activity
Files
2c79a67dae219e28727b6a78b9cc9f5eed03fdf2
HellionChat/ChatTwo/HellionChat.yaml
T
JonKazama-Hellion 1b7f2c40e6 fix(security): rebuild WrapText on span and int offsets 
The pointer-arithmetic CodeQL alert kept re-firing on each shape of
the previous shallow fix because Encoding.GetBytes is virtual and
every length value derived from its return inherited the taint.
Refactor the routine to thread int offsets through index-based
control flow and only compute pointers inside two small helpers
(CalcWordWrap and DrawText) that take an already-pinned base pointer
plus offsets sourced from local logic, not from any virtual return.

Buffer is now allocated against Encoding.UTF8.GetMaxByteCount via
ArrayPool with a real 16 KiB upper bound, and the encoded length
returned by GetBytes is validated against that ceiling before
anything touches the pointer. Behaviour is byte-identical to v0.5.3,
verified locally with the same input shapes the previous code path
handled.

Slim changelog: trimmed the per-version blocks down to v0.5.1-v0.5.4
plus a link to GitHub releases for older history. The previous block
ran ~9000 characters and was dragging the manifest payload down for
no benefit; users see the latest release block first anyway.
2026-05-02 23:57:26 +02:00

101 lines
4.3 KiB
YAML
Executable File
Raw Blame History

name: Hellion Chat
author: JonKazama-Hellion
punchline: Chat 2 with privacy controls aligned to EU, US and JP rules
description: |-
Hellion Chat is built on top of Chat 2 with one removal and a stack
of privacy controls on top. Tabs, channel filters, RGB colours,
emotes, screenshot mode, IPC integration and the chat replacement
window itself work the same. The optional webinterface that Chat 2
ships is intentionally not part of this fork because it serves a
different use case from the smaller default footprint Hellion Chat
is built around.
On top of that, Hellion Chat adds privacy and data-handling controls
designed to align with the modern data protection rules that apply
across the EU, the United States and Japan. By default only your own
conversations are stored; messages from strangers, NPCs and system
spam stay out of the database. Retention windows are configurable per
channel, history can be wiped retroactively, and stored data can be
exported on demand.
Key additions on top of Chat 2:
- Channel whitelist with a Privacy-First default
- Per-channel retention with a daily background sweep
- Retroactive cleanup with a Ctrl+Shift confirm
- Export to Markdown, JSON or CSV
- First-run wizard with three preset profiles (Privacy-First, Casual,
Full History)
- Bilingual UI (English and German) with live language switching
- Independent plugin state — own config file and database directory,
so Hellion Chat does not share state with the upstream plugin
Based on Chat 2 by Infi and Anna, licensed under EUPL-1.2.
repo_url: https://github.com/JonKazama-Hellion/HellionChat
accepts_feedback: true
icon_url: https://raw.githubusercontent.com/JonKazama-Hellion/HellionChat/main/ChatTwo/images/icon.png
image_urls:
- https://raw.githubusercontent.com/JonKazama-Hellion/HellionChat/main/ChatTwo/images/chatWindow.png
- https://raw.githubusercontent.com/JonKazama-Hellion/HellionChat/main/ChatTwo/images/withSimpleTweaks.png
tags:
- Social
- UI
- Chat
- Replacement
- Privacy
changelog: |-
**Hellion Chat 0.5.4 — WrapText hardening**
Replaces the unsafe pointer-arithmetic in ImGuiUtil.WrapText with
Span- and index-based control flow. Closes the persistent CodeQL
Critical alert "unvalidated local pointer arithmetic" that kept
re-firing on every shape of the previous fix.
Hardening:
- WrapText now allocates a buffer sized by Encoding.UTF8.GetMaxByteCount
via ArrayPool, validates the actual encoded length against that
ceiling, and threads the rest of the algorithm through int offsets
instead of raw byte pointers
- Pointer arithmetic only happens inside two small private helpers
(CalcWordWrap and DrawText) that take the pinned base pointer plus
int offsets sourced from the plugin's own logic, not from any
virtual-method return
- Added a 16 KiB upper bound on the buffer rent to prevent a
pathological input from triggering an unbounded ArrayPool allocation
No user-visible behaviour change. Word-wrap output is byte-identical
to v0.5.3.
Based on Chat 2 1.35.3 (upstream Infiziert90/ChatTwo, EUPL-1.2).
**Hellion Chat 0.5.3 — Pointer arithmetic hardening**
Closed CodeQL Critical alert in ImGuiUtil.WrapText by validating the
encoded byte buffer length via GetByteCount before pointer
arithmetic. Single-fix patch on top of v0.5.2.
**Hellion Chat 0.5.2 — Bugfix patch**
Auto-Tell-Tabs history-separator landed below the live tell instead
of above (preload now excludes the trigger message). Plugin icon
packaging fixed by removing a stale DalamudPackager.targets override
that conflicted with the SDK 15 default. Default config aligned to
the maintainer's daily driver: HellionThemeWindowOpacity 0.5,
Use24HourClock true, Gruppe tab no longer auto-routes /party. Two
earlier CodeQL findings closed (workflow permissions, empty-input
pointer arithmetic).
**Hellion Chat 0.5.1 — Backlog Sweep**
Pure hardening and polish. Eight backlog items from the v0.5.0
codebase review collected into one patch: cleanup-preview-stale
detection, greeted-tab dim background, Performance HelpMarker
consistency, Tabs/Database tab names from HellionStrings,
FontChooser framework-thread marshalling, async-void on
EmoteCache.LoadData, parameterised SQL via BindIntList helper.
---
Earlier history at https://github.com/JonKazama-Hellion/HellionChat/releases.
Reference in New Issue View Git Blame Copy Permalink