[Scummvm-cvs-logs] SF.net SVN: scummvm: [21301] scummvm/trunk/sound

eriktorbjorn at users.sourceforge.net eriktorbjorn at users.sourceforge.net
Tue Mar 14 12:10:02 CET 2006 

Revision: 21301
Author:   eriktorbjorn
Date:     2006-03-14 12:09:32 -0800 (Tue, 14 Mar 2006)
ViewCVS:  http://svn.sourceforge.net/scummvm/?rev=21301&view=rev

Log Message:
-----------
Fixed a potential bug that could cause memory to be read out-of-bounds.
(Unfortunately, this does not fix the Kyra bug I'm looking for.)

In the most extreme case:

* DR and RR will point to &DR_TABLE[60], and AR will point to &AR_TABLE[60]
* SLOT->KSR will be 0
* CH->kcode will be 15

In that case, it will attempt to access AR[15], RR[15] and DR[15], i.e.
AR_TABLE[75] and DR_TABLE[75]. So these arrays need to be 76 elements, not 75.

We used to initialise element 75, but this was changed to 74 to match the size
of the arrays. Buf if my reasoning is correct, it was the arrays that were too
small.

Modified Paths:
--------------
    scummvm/trunk/sound/fmopl.cpp
    scummvm/trunk/sound/fmopl.h
Modified: scummvm/trunk/sound/fmopl.cpp
===================================================================
--- scummvm/trunk/sound/fmopl.cpp	2006-03-14 20:09:13 UTC (rev 21300)
+++ scummvm/trunk/sound/fmopl.cpp	2006-03-14 20:09:32 UTC (rev 21301)
@@ -587,7 +587,7 @@
 		OPL->AR_TABLE[i] = (int)(rate / ARRATE);
 		OPL->DR_TABLE[i] = (int)(rate / DRRATE);
 	}
-	for (i = 60; i < 75; i++) {
+	for (i = 60; i < 76; i++) {
 		OPL->AR_TABLE[i] = EG_AED-1;
 		OPL->DR_TABLE[i] = OPL->DR_TABLE[60];
 	}

Modified: scummvm/trunk/sound/fmopl.h
===================================================================
--- scummvm/trunk/sound/fmopl.h	2006-03-14 20:09:13 UTC (rev 21300)
+++ scummvm/trunk/sound/fmopl.h	2006-03-14 20:09:32 UTC (rev 21301)
@@ -119,8 +119,8 @@
 	uint8 rythm;		/* Rythm mode , key flag */
 
 	/* time tables */
-	int AR_TABLE[75];	/* atttack rate tables				*/
-	int DR_TABLE[75];	/* decay rate tables				*/
+	int AR_TABLE[76];	/* atttack rate tables				*/
+	int DR_TABLE[76];	/* decay rate tables				*/
 	uint FN_TABLE[1024];/* fnumber -> increment counter		*/
 
 	/* LFO */


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

More information about the Scummvm-git-logs mailing list