[Scummvm-cvs-logs] SF.net SVN: scummvm:[33782] scummvm/trunk/engines/cine

buddha_ at users.sourceforge.net buddha_ at users.sourceforge.net
Mon Aug 11 22:18:37 CEST 2008 

Revision: 33782
          http://scummvm.svn.sourceforge.net/scummvm/?rev=33782&view=rev
Author:   buddha_
Date:     2008-08-11 20:18:33 +0000 (Mon, 11 Aug 2008)

Log Message:
-----------
Added a safeguard to readBundleFile so it shouldn't corrupt memory even if the input says the data's unpacked size is less than its packed size (This shouldn't ever happen with non-corrupted data).

Modified Paths:
--------------
    scummvm/trunk/engines/cine/part.cpp
    scummvm/trunk/engines/cine/part.h

Modified: scummvm/trunk/engines/cine/part.cpp
===================================================================
--- scummvm/trunk/engines/cine/part.cpp	2008-08-11 20:09:03 UTC (rev 33781)
+++ scummvm/trunk/engines/cine/part.cpp	2008-08-11 20:18:33 UTC (rev 33782)
@@ -212,18 +212,18 @@
 	return -1;
 }
 
-void readFromPart(int16 idx, byte *dataPtr) {
+void readFromPart(int16 idx, byte *dataPtr, uint32 maxSize) {
 	setMouseCursor(MOUSE_CURSOR_DISK);
 
 	g_cine->_partFileHandle.seek(partBuffer[idx].offset, SEEK_SET);
-	g_cine->_partFileHandle.read(dataPtr, partBuffer[idx].packedSize);
+	g_cine->_partFileHandle.read(dataPtr, MIN(partBuffer[idx].packedSize, maxSize));
 }
 
 byte *readBundleFile(int16 foundFileIdx) {
 	assert(foundFileIdx >= 0 && foundFileIdx < numElementInPart);
 	bool error = false;
 	byte *dataPtr = (byte *)calloc(partBuffer[foundFileIdx].unpackedSize, 1);
-	readFromPart(foundFileIdx, dataPtr);
+	readFromPart(foundFileIdx, dataPtr, partBuffer[foundFileIdx].unpackedSize);
 	if (partBuffer[foundFileIdx].unpackedSize > partBuffer[foundFileIdx].packedSize) {
 		CineUnpacker cineUnpacker;
 		error = !cineUnpacker.unpack(dataPtr, partBuffer[foundFileIdx].packedSize, dataPtr, partBuffer[foundFileIdx].unpackedSize);

Modified: scummvm/trunk/engines/cine/part.h
===================================================================
--- scummvm/trunk/engines/cine/part.h	2008-08-11 20:09:03 UTC (rev 33781)
+++ scummvm/trunk/engines/cine/part.h	2008-08-11 20:18:33 UTC (rev 33782)
@@ -44,7 +44,7 @@
 
 int16 findFileInBundle(const char *fileName);
 
-void readFromPart(int16 idx, byte *dataPtr);
+void readFromPart(int16 idx, byte *dataPtr, uint32 maxSize);
 
 byte *readBundleFile(int16 foundFileIdx);
 byte *readBundleSoundFile(const char *entryName, uint32 *size = 0);


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

More information about the Scummvm-git-logs mailing list