[Scummvm-cvs-logs] scummvm master -> 7dc1ea9ada597146b96ee1bf4c26a105767d30e1

Strangerke Strangerke at scummvm.org
Fri Oct 25 08:11:34 CEST 2013


This automated email contains information about 3 new commits which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .

Summary:
334e429c0a AVALANCHE: Fix several other out of bounds access - CID 1109650
8677f9aa3c AVALANCHE: Fix one more out of bounds - CID 1109651
7dc1ea9ada AVALANCHE: Fix out of bounds reads (CID 1109653-1109655)


Commit: 334e429c0ac0052f11b04e120734aae772e83074
    https://github.com/scummvm/scummvm/commit/334e429c0ac0052f11b04e120734aae772e83074
Author: Strangerke (strangerke at scummvm.org)
Date: 2013-10-24T22:49:51-07:00

Commit Message:
AVALANCHE: Fix several other out of bounds access - CID 1109650

Changed paths:
    engines/avalanche/avalot.cpp
    engines/avalanche/dialogs.cpp



diff --git a/engines/avalanche/avalot.cpp b/engines/avalanche/avalot.cpp
index 072ad00..11729ea 100644
--- a/engines/avalanche/avalot.cpp
+++ b/engines/avalanche/avalot.cpp
@@ -1564,10 +1564,12 @@ Common::String AvalancheEngine::getName(People whose) {
 
 	static const char lasses[4][15] = {"Arkata", "Geida", "\0xB1", "the Wise Woman"};
 
-	if (whose < kPeopleArkata)
+	if (whose <= kPeopleJacques)
 		return Common::String(lads[whose - kPeopleAvalot]);
-	else
+	else if ((whose >= kPeopleArkata) && (whose <= kPeopleWisewoman))
 		return Common::String(lasses[whose - kPeopleArkata]);
+	else
+		error("getName() - Unexpected character id %d", (byte) whose);
 }
 
 Common::String AvalancheEngine::getItem(byte which) {
diff --git a/engines/avalanche/dialogs.cpp b/engines/avalanche/dialogs.cpp
index e121141..8770e08 100644
--- a/engines/avalanche/dialogs.cpp
+++ b/engines/avalanche/dialogs.cpp
@@ -1164,7 +1164,9 @@ void Dialogs::sayThanks(byte thing) {
 	Common::String tmpStr = personSpeaks();
 	tmpStr += Common::String::format("Hey, thanks!%c(But now, you've lost it!)", kControlSpeechBubble);
 	displayText(tmpStr);
-	_vm->_objects[thing] = false;
+
+	if (thing < kObjectNum)
+		_vm->_objects[thing] = false;
 }
 
 /**


Commit: 8677f9aa3c689364fd1ca546520e07e65d742d71
    https://github.com/scummvm/scummvm/commit/8677f9aa3c689364fd1ca546520e07e65d742d71
Author: Strangerke (strangerke at scummvm.org)
Date: 2013-10-24T22:58:15-07:00

Commit Message:
AVALANCHE: Fix one more out of bounds - CID 1109651

Changed paths:
    engines/avalanche/avalot.cpp



diff --git a/engines/avalanche/avalot.cpp b/engines/avalanche/avalot.cpp
index 11729ea..9d65ed7 100644
--- a/engines/avalanche/avalot.cpp
+++ b/engines/avalanche/avalot.cpp
@@ -1676,6 +1676,9 @@ void AvalancheEngine::flipRoom(Room room, byte ped) {
 	if (_room == kRoomLustiesRoom)
 		_enterCatacombsFromLustiesRoom = true;
 
+	if (_room > kRoomMap)
+		return;
+
 	enterRoom(room, ped);
 	_animation->appearPed(0, ped - 1);
 	_enterCatacombsFromLustiesRoom = false;


Commit: 7dc1ea9ada597146b96ee1bf4c26a105767d30e1
    https://github.com/scummvm/scummvm/commit/7dc1ea9ada597146b96ee1bf4c26a105767d30e1
Author: Strangerke (strangerke at scummvm.org)
Date: 2013-10-24T23:10:38-07:00

Commit Message:
AVALANCHE: Fix out of bounds reads (CID 1109653-1109655)

Changed paths:
    engines/avalanche/avalot.cpp
    engines/avalanche/dialogs.cpp
    engines/avalanche/menu.cpp



diff --git a/engines/avalanche/avalot.cpp b/engines/avalanche/avalot.cpp
index 9d65ed7..b1bbf4f 100644
--- a/engines/avalanche/avalot.cpp
+++ b/engines/avalanche/avalot.cpp
@@ -1676,7 +1676,7 @@ void AvalancheEngine::flipRoom(Room room, byte ped) {
 	if (_room == kRoomLustiesRoom)
 		_enterCatacombsFromLustiesRoom = true;
 
-	if (_room > kRoomMap)
+	if (room > kRoomMap)
 		return;
 
 	enterRoom(room, ped);
diff --git a/engines/avalanche/dialogs.cpp b/engines/avalanche/dialogs.cpp
index 8770e08..66d5be2 100644
--- a/engines/avalanche/dialogs.cpp
+++ b/engines/avalanche/dialogs.cpp
@@ -689,6 +689,7 @@ void Dialogs::displayText(Common::String text) {
 				if (_param == 0)
 					setBubbleStateNatural();
 				else if ((1 <= _param) && (_param <= 9)) {
+					assert(_param - 1 < _vm->_animation->kSpriteNumbMax);
 					AnimationType *spr = _vm->_animation->_sprites[_param - 1];
 					if ((_param > _vm->_animation->kSpriteNumbMax) || (!spr->_quick)) { // Not valid.
 						_vm->errorLed();
@@ -699,6 +700,7 @@ void Dialogs::displayText(Common::String text) {
 					// Quasi-peds. (This routine performs the same
 					// thing with QPs as triptype.chatter does with the
 					// sprites.)
+					assert(_param - 10 < 16);
 					PedType *quasiPed = &_vm->_peds[kQuasipeds[_param - 10]._whichPed];
 					_talkX = quasiPed->_x;
 					_talkY = quasiPed->_y; // Position.
diff --git a/engines/avalanche/menu.cpp b/engines/avalanche/menu.cpp
index bba8e86..a3b61b4 100644
--- a/engines/avalanche/menu.cpp
+++ b/engines/avalanche/menu.cpp
@@ -782,10 +782,12 @@ byte Menu::getNameChar(People whose) {
 	static const char ladChar[] = "ASCDMTRwLfgeIyPu";
 	static const char lassChar[] = "kG\0xB1o";
 
-	if (whose < kPeopleArkata)
+	if (whose <= kPeopleJacques)
 		return ladChar[whose - kPeopleAvalot];
-	else
+	else if ((whose >= kPeopleArkata) && (whose <= kPeopleWisewoman))
 		return lassChar[whose - kPeopleArkata];
+	else
+		error("getName() - Unexpected character id %d", (byte) whose);
 }
 
 Common::String Menu::getThing(byte which) {






More information about the Scummvm-git-logs mailing list