JonKazama-Hellion
1b7f2c40e6
The pointer-arithmetic CodeQL alert kept re-firing on each shape of the previous shallow fix because Encoding.GetBytes is virtual and every length value derived from its return inherited the taint. Refactor the routine to thread int offsets through index-based control flow and only compute pointers inside two small helpers (CalcWordWrap and DrawText) that take an already-pinned base pointer plus offsets sourced from local logic, not from any virtual return. Buffer is now allocated against Encoding.UTF8.GetMaxByteCount via ArrayPool with a real 16 KiB upper bound, and the encoded length returned by GetBytes is validated against that ceiling before anything touches the pointer. Behaviour is byte-identical to v0.5.3, verified locally with the same input shapes the previous code path handled. Slim changelog: trimmed the per-version blocks down to v0.5.1-v0.5.4 plus a link to GitHub releases for older history. The previous block ran ~9000 characters and was dragging the manifest payload down for no benefit; users see the latest release block first anyway.
101 lines
4.3 KiB
YAML
Executable File
101 lines
4.3 KiB
YAML
Executable File
name: Hellion Chat
|
|
author: JonKazama-Hellion
|
|
punchline: Chat 2 with privacy controls aligned to EU, US and JP rules
|
|
description: |-
|
|
Hellion Chat is built on top of Chat 2 with one removal and a stack
|
|
of privacy controls on top. Tabs, channel filters, RGB colours,
|
|
emotes, screenshot mode, IPC integration and the chat replacement
|
|
window itself work the same. The optional webinterface that Chat 2
|
|
ships is intentionally not part of this fork because it serves a
|
|
different use case from the smaller default footprint Hellion Chat
|
|
is built around.
|
|
|
|
On top of that, Hellion Chat adds privacy and data-handling controls
|
|
designed to align with the modern data protection rules that apply
|
|
across the EU, the United States and Japan. By default only your own
|
|
conversations are stored; messages from strangers, NPCs and system
|
|
spam stay out of the database. Retention windows are configurable per
|
|
channel, history can be wiped retroactively, and stored data can be
|
|
exported on demand.
|
|
|
|
Key additions on top of Chat 2:
|
|
|
|
- Channel whitelist with a Privacy-First default
|
|
- Per-channel retention with a daily background sweep
|
|
- Retroactive cleanup with a Ctrl+Shift confirm
|
|
- Export to Markdown, JSON or CSV
|
|
- First-run wizard with three preset profiles (Privacy-First, Casual,
|
|
Full History)
|
|
- Bilingual UI (English and German) with live language switching
|
|
- Independent plugin state — own config file and database directory,
|
|
so Hellion Chat does not share state with the upstream plugin
|
|
|
|
Based on Chat 2 by Infi and Anna, licensed under EUPL-1.2.
|
|
repo_url: https://github.com/JonKazama-Hellion/HellionChat
|
|
accepts_feedback: true
|
|
icon_url: https://raw.githubusercontent.com/JonKazama-Hellion/HellionChat/main/ChatTwo/images/icon.png
|
|
image_urls:
|
|
- https://raw.githubusercontent.com/JonKazama-Hellion/HellionChat/main/ChatTwo/images/chatWindow.png
|
|
- https://raw.githubusercontent.com/JonKazama-Hellion/HellionChat/main/ChatTwo/images/withSimpleTweaks.png
|
|
tags:
|
|
- Social
|
|
- UI
|
|
- Chat
|
|
- Replacement
|
|
- Privacy
|
|
changelog: |-
|
|
**Hellion Chat 0.5.4 — WrapText hardening**
|
|
|
|
Replaces the unsafe pointer-arithmetic in ImGuiUtil.WrapText with
|
|
Span- and index-based control flow. Closes the persistent CodeQL
|
|
Critical alert "unvalidated local pointer arithmetic" that kept
|
|
re-firing on every shape of the previous fix.
|
|
|
|
Hardening:
|
|
|
|
- WrapText now allocates a buffer sized by Encoding.UTF8.GetMaxByteCount
|
|
via ArrayPool, validates the actual encoded length against that
|
|
ceiling, and threads the rest of the algorithm through int offsets
|
|
instead of raw byte pointers
|
|
- Pointer arithmetic only happens inside two small private helpers
|
|
(CalcWordWrap and DrawText) that take the pinned base pointer plus
|
|
int offsets sourced from the plugin's own logic, not from any
|
|
virtual-method return
|
|
- Added a 16 KiB upper bound on the buffer rent to prevent a
|
|
pathological input from triggering an unbounded ArrayPool allocation
|
|
|
|
No user-visible behaviour change. Word-wrap output is byte-identical
|
|
to v0.5.3.
|
|
|
|
Based on Chat 2 1.35.3 (upstream Infiziert90/ChatTwo, EUPL-1.2).
|
|
|
|
**Hellion Chat 0.5.3 — Pointer arithmetic hardening**
|
|
|
|
Closed CodeQL Critical alert in ImGuiUtil.WrapText by validating the
|
|
encoded byte buffer length via GetByteCount before pointer
|
|
arithmetic. Single-fix patch on top of v0.5.2.
|
|
|
|
**Hellion Chat 0.5.2 — Bugfix patch**
|
|
|
|
Auto-Tell-Tabs history-separator landed below the live tell instead
|
|
of above (preload now excludes the trigger message). Plugin icon
|
|
packaging fixed by removing a stale DalamudPackager.targets override
|
|
that conflicted with the SDK 15 default. Default config aligned to
|
|
the maintainer's daily driver: HellionThemeWindowOpacity 0.5,
|
|
Use24HourClock true, Gruppe tab no longer auto-routes /party. Two
|
|
earlier CodeQL findings closed (workflow permissions, empty-input
|
|
pointer arithmetic).
|
|
|
|
**Hellion Chat 0.5.1 — Backlog Sweep**
|
|
|
|
Pure hardening and polish. Eight backlog items from the v0.5.0
|
|
codebase review collected into one patch: cleanup-preview-stale
|
|
detection, greeted-tab dim background, Performance HelpMarker
|
|
consistency, Tabs/Database tab names from HellionStrings,
|
|
FontChooser framework-thread marshalling, async-void on
|
|
EmoteCache.LoadData, parameterised SQL via BindIntList helper.
|
|
|
|
---
|
|
|
|
Earlier history at https://github.com/JonKazama-Hellion/HellionChat/releases.
|