[Scummvm-cvs-logs] scummvm master -> 0db4498bd9af61274672f02f627ccb371e2b4f75

sylvaintv sylvaintv at gmail.com
Sat Apr 9 19:09:33 CEST 2011 

This automated email contains information about 1 new commit which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .

Summary:
0db4498bd9 TOON: Fix more valgrind issues


Commit: 0db4498bd9af61274672f02f627ccb371e2b4f75
    https://github.com/scummvm/scummvm/commit/0db4498bd9af61274672f02f627ccb371e2b4f75
Author: sylvaintv (sylvaintv at gmail.com)
Date: 2011-04-09T10:07:20-07:00

Commit Message:
TOON: Fix more valgrind issues

Fix potential more invalid read issues in RIF loading

Changed paths:
    engines/toon/hotspot.cpp
    engines/toon/tools.cpp



diff --git a/engines/toon/hotspot.cpp b/engines/toon/hotspot.cpp
index ec2344d..0573e92 100644
--- a/engines/toon/hotspot.cpp
+++ b/engines/toon/hotspot.cpp
@@ -127,7 +127,7 @@ bool Hotspots::LoadRif(Common::String rifName, Common::String additionalRifName)
 	decoder.unpackM1(rifData, size, _items);
 	if (rifsize2) {
 		RncDecoder decoder2;
-		decoder2.unpackM1(rifData2 , size, _items + (rifsize >> 9));
+		decoder2.unpackM1(rifData2 , size2, _items + (rifsize >> 9));
 		for (int32 i = 0; i < (rifsize2 >> 9); i++) {
 			HotspotData *hot = _items + (rifsize >> 9) + i;
 			hot->setData(0, hot->getX1() + 1280);
diff --git a/engines/toon/tools.cpp b/engines/toon/tools.cpp
index bad7961..da6e0f7 100644
--- a/engines/toon/tools.cpp
+++ b/engines/toon/tools.cpp
@@ -373,8 +373,21 @@ int32 RncDecoder::unpackM1(const void *input, uint16 inputSize, void *output) {
 				_dstPtr += inputLength;
 				_srcPtr += inputLength;
 				_inputByteLeft -= inputLength;
-				uint16 a = READ_LE_UINT16(_srcPtr);
-				uint16 b = READ_LE_UINT16(_srcPtr + 2);
+				uint16 a; 
+				if (_inputByteLeft <= 0)
+					a = 0;
+				else if (_inputByteLeft == 1)
+					a = *_srcPtr;
+				else
+					a = READ_LE_UINT16(_srcPtr);
+
+				uint16 b;
+				if (_inputByteLeft <= 2)
+					b = 0;
+				else if(_inputByteLeft == 3)
+					b = *(_srcPtr + 2);
+				else
+					b = READ_LE_UINT16(_srcPtr + 2);
 
 				_bitBuffl &= ((1 << _bitCount) - 1);
 				_bitBuffl |= (a << _bitCount);

More information about the Scummvm-git-logs mailing list