[Scummvm-cvs-logs] CVS: scummvm/scumm resource.cpp,1.359,1.360 scumm.cpp,1.710,1.711

Gregory Montoir cyx at users.sourceforge.net
Fri Jan 27 11:34:08 CET 2006


Update of /cvsroot/scummvm/scummvm/scumm
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3099

Modified Files:
	resource.cpp scumm.cpp 
Log Message:
Fixed invalid memory reads in generateSubstResFileName.

Index: resource.cpp
===================================================================
RCS file: /cvsroot/scummvm/scummvm/scumm/resource.cpp,v
retrieving revision 1.359
retrieving revision 1.360
diff -u -d -r1.359 -r1.360
--- resource.cpp	27 Jan 2006 00:50:27 -0000	1.359
+++ resource.cpp	27 Jan 2006 19:33:40 -0000	1.360
@@ -150,11 +150,12 @@
 		// If we have substitute
 		if (_substResFileNameIndex > 0 && !(_platform == Common::kPlatformNES || _platform == Common::kPlatformC64)) {
 			char tmpBuf[128];
-
 			generateSubstResFileName(buf, tmpBuf, sizeof(tmpBuf));
 			strcpy(buf, tmpBuf);
-			generateSubstResFileName(buf2, tmpBuf, sizeof(tmpBuf));
-			strcpy(buf2, tmpBuf);
+			if (buf2[0]) {
+				generateSubstResFileName(buf2, tmpBuf, sizeof(tmpBuf));
+				strcpy(buf2, tmpBuf);
+			}
 		}
 
 		result = openResourceFile(buf, encByte);

Index: scumm.cpp
===================================================================
RCS file: /cvsroot/scummvm/scummvm/scumm/scumm.cpp,v
retrieving revision 1.710
retrieving revision 1.711
diff -u -d -r1.710 -r1.711
--- scumm.cpp	27 Jan 2006 06:05:03 -0000	1.710
+++ scumm.cpp	27 Jan 2006 19:33:40 -0000	1.711
@@ -3183,16 +3183,20 @@
 	if (index <= 0)
 		return -1;
 
-	char num = filename[strlen(filename) - 1];
+	size_t len = strlen(filename);
+	assert(len >= 5);
+
+	char num = filename[len - 1];
 
 	// In some cases we have .(a) and .(b) extensions
 	if (num == ')')
-		num = filename[strlen(filename) - 2];
+		num = filename[len - 2];
 
 	const char *ext = NULL;
 
 	ext = strrchr(filename, '.');
-	size_t len = (ext != NULL) ? ext - filename : strlen(filename);
+	if (ext)
+		len = ext - filename;
 
 	for (int i = index; substResFileNameTable[i].winName; i++) {
 		if (!scumm_strnicmp(filename, substResFileNameTable[i].winName, len)) {





More information about the Scummvm-git-logs mailing list