[Scummvm-cvs-logs] scummvm master -> 38c99889382c7142b3cb94a5a5bae5266f4ab7a3

criezy criezy at scummvm.org
Wed Jun 15 00:18:02 CEST 2011


This automated email contains information about 1 new commit which has been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .

Summary:
38c9988938 COMMON: Fix crash in TranslationManager when reading long strings


Commit: 38c99889382c7142b3cb94a5a5bae5266f4ab7a3
    https://github.com/scummvm/scummvm/commit/38c99889382c7142b3cb94a5a5bae5266f4ab7a3
Author: Thierry Crozat (criezy at scummvm.org)
Date: 2011-06-14T15:15:50-07:00

Commit Message:
COMMON: Fix crash in TranslationManager when reading long strings

It was writing data beyond the end of a buffer. This change makes
sure this does not happen. It only changes reading of the messages
since the language codes, charset names and contexts are always
much smaller than the buffer.

Changed paths:
    common/translation.cpp



diff --git a/common/translation.cpp b/common/translation.cpp
index dc71ddc..526bebc 100644
--- a/common/translation.cpp
+++ b/common/translation.cpp
@@ -302,8 +302,13 @@ void TranslationManager::loadTranslationsInfoDat() {
 	_messageIds.resize(numMessages);
 	for (int i = 0; i < numMessages; ++i) {
 		len = in.readUint16BE();
-		in.read(buf, len);
-		_messageIds[i] = String(buf, len - 1);
+		String msg;
+		while (len > 0) {
+			in.read(buf, len > 256 ? 256 : len);
+			msg += String(buf, len > 256 ? 256 : len - 1);
+			len -= 256;
+		}
+		_messageIds[i] = msg;
 	}
 }
 
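Review bot: In the new while loop, termination depends on `len -= 256` taking len to zero or below, which only works if len is a signed type; its declaration is not part of this hunk, and with an unsigned len the last subtraction would wrap around and the loop would keep reading into buf. Suggest computing the chunk size once per iteration (a local such as chunk = len > 256 ? 256 : len), using it for both `in.read` and the String construction, and subtracting chunk instead of 256 so the loop ends at exactly zero whatever the type. The literal 256 also repeats the size of buf, which is declared outside the hunk; tying it to sizeof(buf) or a named constant would keep the bound correct if the buffer is ever resized.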
@@ -357,8 +362,13 @@ void TranslationManager::loadLanguageDat(int index) {
 	for (int i = 0; i < nbMessages; ++i) {
 		_currentTranslationMessages[i].msgid = in.readUint16BE();
 		len = in.readUint16BE();
-		in.read(buf, len);
-		_currentTranslationMessages[i].msgstr = String(buf, len - 1);
+		String msg;
+		while (len > 0) {
+			in.read(buf, len > 256 ? 256 : len);
+			msg += String(buf, len > 256 ? 256 : len - 1);
+			len -= 256;
+		}
+		_currentTranslationMessages[i].msgstr = msg;
 		len = in.readUint16BE();
 		if (len > 0) {
 			in.read(buf, len);
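Review bot: The context read in the trailing lines of this hunk still does `in.read(buf, len)` with a length taken directly from the file, so the out-of-bounds write fixed here for msgstr stays reachable on that path if the data file is corrupt or malformed. The commit message relies on contexts being much smaller than the buffer, but that is a property of well-formed data rather than something the code enforces; suggest using the same chunked read there, or rejecting a len larger than the buffer. Because the loop is now repeated verbatim in loadTranslationsInfoDat() and loadLanguageDat(), a small helper that reads a length-prefixed string would keep the bound in one place. The return value of `in.read` is also ignored inside the new loop, so a truncated file would append stale contents of buf to msg.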





