From b7c41567892a7b3bd3782128926c6a223658a034 Mon Sep 17 00:00:00 2001
From: Miquel Sabaté Solà <mssola@mssola.com>
Date: Mon, 2 Mar 2026 22:43:57 +0100
Subject: Wrap around the saving of the last allocated bullet
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If we don't do this, then it's possible to incur into a buffer overflow
as the last allocated index is set to the next (out of buffer)
position. Whenever we start over on this function, then it will compare
for a good bullet on this position, and if it's not exactly $FF, then it
will allocate it without problems.

Signed-off-by: Miquel Sabaté Solà <mssola@mssola.com>
---
 src/bullets.s | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/bullets.s b/src/bullets.s
index 93ff8c5..1dd98e0 100644
--- a/src/bullets.s
+++ b/src/bullets.s
@@ -157,8 +157,13 @@
     @set_bullet_x:
         sta zp_bullets_pool_base, x
 
-        ;; Save the index so it can be used in future bullet creation.
+        ;; Save the index so it can be used in future bullet creation. Also be
+        ;; careful to wrap around.
         inx
+        cpx #BULLETS_POOL_CAPACITY_BYTES
+        bne @set_last_allocated
+        ldx #0
+    @set_last_allocated:
         stx zp_last_allocated_index
 
         ;; Increase the number of bullets on screen.
-- 
cgit v1.2.3