Changes

!  Status

!  Status

!  Regions

!  Regions

!  Description

!  Description

|-

|-

|  Dark Void Zero

|  Dark Void Zero

| High-Scores

| High-Scores

| Done

| Done

| USA/EUR

| USA/EUR

| No limit on length of drawn record names, no vuln with high-scores. The level var from savedata doesn't have any bounds check, this is used with array indexes. This is not exploitable since the array structs only contain char* strings and other fields, and that var is used with level class init. Level class init fail is most likely the cause of the crash which isn't exploitable, level paths are determined by if statements and the level object is used uninitialized when the level var is out-of-bounds.

| Capcom

|  No limit on length of drawn record names, no vuln with high-scores. The level var from savedata doesn't have any bounds check, this is used with array indexes. This is not exploitable since the array structs only contain char* strings and other fields, and that var is used with level class init. Level class init fail is most likely the cause of the crash which isn't exploitable, level paths are determined by if statements and the level object is used uninitialized when the level var is out-of-bounds.

|-

|-

|  Frogger Returns

|  Frogger Returns

|  Started

|  Started

|  USA

|  USA

|  Has ASCII null-terminated high-scores. Manged to crash this game. The high-score draw function uses strcpy to copy the records' name to a static buffer, it's unknown if this is exploitable.

|  Has ASCII null-terminated high-scores. Manged to crash this game. The high-score draw function uses strcpy to copy the records' name to a static buffer, it's unknown if this is exploitable.

|-

|-

|  Started

|  Started

|  USA/EUR

|  USA/EUR

|  Has ASCII strings for high-scores. Overwriting high-scores with a 0x194f-byte string caused the game to crash.

|  Has ASCII strings for high-scores. Overwriting high-scores with a 0x194f-byte string caused the game to crash.

|-

|-

|  None

|  None

|  USA/EUR/JP

|  USA/EUR/JP

|  Has ASCII player name in one file, and UCS-2 player name in a profile file. This game was crashed by modifying strings in the profile savedata file.

|  Has ASCII player name in one file, and UCS-2 player name in a profile file. This game was crashed by modifying strings in the profile savedata file.

|-

|-

|  Started

|  Started

|  USA/EUR

|  USA/EUR

|  Has ASCII player name for each of the 3 save slots. Game was crashed with an excessively long player name.

|  Has ASCII player name for each of the 3 save slots. Game was crashed with an excessively long player name.

|}

|}