[Scummvm-cvs-logs] scummvm master -> 32f9b9243117a59b62e381655e7e253e6e6fad00
Strangerke
Strangerke at scummvm.org
Wed Jun 8 07:55:05 CEST 2016
This automated email contains information about 1 new commit which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .
Summary:
32f9b92431 GNAP: Fix potential out of bound write
Commit: 32f9b9243117a59b62e381655e7e253e6e6fad00
https://github.com/scummvm/scummvm/commit/32f9b9243117a59b62e381655e7e253e6e6fad00
Author: Strangerke (strangerke at scummvm.org)
Date: 2016-06-08T07:46:35+02:00
Commit Message:
GNAP: Fix potential out of bound write
Changed paths:
engines/gnap/gamesys.cpp
diff --git a/engines/gnap/gamesys.cpp b/engines/gnap/gamesys.cpp
index d31854d..11ef6fd 100644
--- a/engines/gnap/gamesys.cpp
+++ b/engines/gnap/gamesys.cpp
@@ -1116,7 +1116,10 @@ void GameSys::fatUpdateFrame() {
if (_newSpriteDrawItemsCount > 0) {
debugC(kDebugBasic, "_newSpriteDrawItemsCount: %d", _newSpriteDrawItemsCount);
for (int k = 0; k < _newSpriteDrawItemsCount; ++k) {
- if (_gfxItemsCount < 50) {
+ // The original was allowing a buffer overflow.
+ // In order to fit in memory, insertIndex + 1 + (_gfxItemsCount - InsertIndex) must be
+ // smaller than the size _gfxItems array (50).
+ if (_gfxItemsCount + 1 < 50) {
int insertIndex;
seqLocateGfx(-1, _newSpriteDrawItems[k]._id, &insertIndex);
if (_gfxItemsCount != insertIndex)
More information about the Scummvm-git-logs
mailing list