HellionChat/ChatTwo/ChatTwo.csproj
JonKazama-Hellion 1b7f2c40e6 fix(security): rebuild WrapText on span and int offsets
The pointer-arithmetic CodeQL alert kept re-firing on each shape of
the previous shallow fix because Encoding.GetBytes is virtual and
every length value derived from its return inherited the taint.
Refactor the routine to thread int offsets through index-based
control flow and only compute pointers inside two small helpers
(CalcWordWrap and DrawText) that take an already-pinned base pointer
plus offsets sourced from local logic, not from any virtual return.

Buffer is now allocated against Encoding.UTF8.GetMaxByteCount via
ArrayPool with a real 16 KiB upper bound, and the encoded length
returned by GetBytes is validated against that ceiling before
anything touches the pointer. Behaviour is byte-identical to v0.5.3,
verified locally with the same input shapes the previous code path
handled.

Slim changelog: trimmed the per-version blocks down to v0.5.1-v0.5.4
plus a link to GitHub releases for older history. The previous block
ran ~9000 characters and was dragging the manifest payload down for
no benefit; users see the latest release block first anyway.
2026-05-02 23:57:26 +02:00
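
The bounded-encode pattern the commit message above describes, as an added example that is not the project's WrapText code: the buffer is sized from `GetMaxByteCount`, capped at 16 KiB, and the length returned by `GetBytes` is checked before any pointer is formed. `BoundedUtf8`, `Process` and `CountSpaces` are hypothetical names, and compiling it assumes `AllowUnsafeBlocks` is enabled.

```csharp
using System;
using System.Buffers;
using System.Text;

static class BoundedUtf8
{
    // Ceiling taken from the 16 KiB bound named in the commit message.
    const int MaxBytes = 16 * 1024;

    // Hypothetical helper: the only place pointer arithmetic happens. It takes
    // an already-pinned base pointer plus int offsets the caller has validated.
    static unsafe int CountSpaces(byte* basePtr, int start, int end)
    {
        int n = 0;
        for (byte* p = basePtr + start; p < basePtr + end; p++)
            if (*p == (byte)' ') n++;
        return n;
    }

    public static unsafe int Process(string text)
    {
        // Worst-case size is computed from the char count, not from the encoder output.
        int max = Encoding.UTF8.GetMaxByteCount(text.Length);
        if (max > MaxBytes)
            throw new ArgumentException("input exceeds the 16 KiB encode bound");

        byte[] rented = ArrayPool<byte>.Shared.Rent(max);
        try
        {
            int written = Encoding.UTF8.GetBytes(text, 0, text.Length, rented, 0);
            // GetBytes is virtual: check its return against the ceiling
            // before it can influence any pointer offset.
            if ((uint)written > (uint)max)
                throw new InvalidOperationException("encoder reported an impossible length");

            fixed (byte* basePtr = rented)
                return CountSpaces(basePtr, 0, written);
        }
        finally
        {
            ArrayPool<byte>.Shared.Return(rented);
        }
    }

    // Constructed sample input.
    static void Main() => Console.WriteLine(Process("wrap this line please"));
}
```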

75 lines
3.2 KiB
XML

<Project Sdk="Dalamud.NET.Sdk/15.0.0">
  <PropertyGroup>
    <!-- Hellion Chat versioning runs separately from upstream Chat 2.
         0.1.0 is our bootstrap release; the underlying Chat 2 base is
         called out in the yaml changelog so users can see what it
         derives from. -->
    <Version>0.5.4</Version>
    <ImplicitUsings>enable</ImplicitUsings>
    <!-- HellionChat fork: assembly is renamed so Dalamud uses
         pluginConfigs/HellionChat instead of pluginConfigs/ChatTwo,
         keeping our state independent from the upstream plugin.
         Code namespace stays ChatTwo.* so upstream cherry-picks
         apply cleanly. -->
    <AssemblyName>HellionChat</AssemblyName>
    <RootNamespace>ChatTwo</RootNamespace>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="MessagePack" Version="3.1.4" />
    <PackageReference Include="Microsoft.Data.Sqlite" Version="10.0.7" />
    <PackageReference Include="morelinq" Version="4.4.0" />
    <PackageReference Include="Pidgin" Version="3.3.0" />
    <PackageReference Include="SixLabors.ImageSharp" Version="3.1.12" />
  </ItemGroup>
  <ItemGroup>
    <Compile Update="Resources\Language.Designer.cs">
      <DesignTime>True</DesignTime>
      <AutoGen>True</AutoGen>
      <DependentUpon>Language.resx</DependentUpon>
    </Compile>
  </ItemGroup>
  <ItemGroup>
    <EmbeddedResource Update="Resources\Language.resx">
      <Generator>ResXFileCodeGenerator</Generator>
      <LastGenOutput>Language.Designer.cs</LastGenOutput>
    </EmbeddedResource>
  </ItemGroup>
  <!-- HellionChat — Hellion-specific resource bundle (HellionStrings.resx
       + HellionStrings.<lang>.resx) is picked up automatically by the SDK
       default include. Designer.cs is hand-maintained, no auto-gen needed. -->
  <!-- Bundled Hellion font (Exo 2, OFL-1.1). Embedded as a manifest
       resource with a fixed LogicalName so FontManager can pull the
       bytes back at runtime via AddFontFromMemory. The OFL license
       text travels with it inside the assembly to satisfy the
       "license must be distributed with the font" clause. -->
  <ItemGroup>
    <EmbeddedResource Include="Resources\HellionFont.ttf">
      <LogicalName>HellionFont.ttf</LogicalName>
    </EmbeddedResource>
    <EmbeddedResource Include="Resources\HellionFont-OFL.txt">
      <LogicalName>HellionFont-OFL.txt</LogicalName>
    </EmbeddedResource>
  </ItemGroup>
  <!-- Plugin icon. Copy images/* into the build output so Dalamud
       finds the icon next to the DLL, and let the SDK default
       DalamudPackager pipeline include the same path in the
       release ZIP. Earlier we shipped a custom DalamudPackager
       targets override that explicitly set HandleImages and
       ImagesPath; that override conflicted with the SDK 15
       default and the resulting manifest carried no IconUrl.
       Removed in v0.5.2. -->
  <ItemGroup>
    <None Include="images\**">
      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
    </None>
  </ItemGroup>
</Project>