[Scummvm-cvs-logs] CVS: scummvm scummvm.cpp,1.17,1.18 gfx.cpp,1.12,1.13 windows.cpp,1.12,1.13 resource.cpp,1.10,1.11 object.cpp,1.9,1.10 saveload.cpp,1.8,1.9 script.cpp,1.7,1.8

Ludvig Strigeus strigeus at users.sourceforge.net
Tue Nov 6 13:30:04 CET 2001


Update of /cvsroot/scummvm/scummvm
In directory usw-pr-cvs1:/tmp/cvs-serv24739

Modified Files:
	scummvm.cpp gfx.cpp windows.cpp resource.cpp object.cpp 
	saveload.cpp script.cpp 
Log Message:
fix in save game loader,
sizeof(an element) * number of elements instead of sizeof(a pointer) fixed it,
buffer out of bounds read fixed in Scumm::isMaskActiveAt

Index: scummvm.cpp
===================================================================
RCS file: /cvsroot/scummvm/scummvm/scummvm.cpp,v
retrieving revision 1.17
retrieving revision 1.18
diff -C2 -d -r1.17 -r1.18
*** scummvm.cpp	2001/11/06 20:18:26	1.17
--- scummvm.cpp	2001/11/06 21:29:23	1.18
***************
*** 30,35 ****
  	_numLocalObjects = 200;
  	_numVerbs = 100;
  	
! 	_inventory = (uint16*)alloc(0x50 * sizeof(uint16));
  	_verbs = (VerbSlot*)alloc(100 * sizeof(VerbSlot));
  	_objs = (ObjectData*)alloc(200 * sizeof(ObjectData));
--- 30,36 ----
  	_numLocalObjects = 200;
  	_numVerbs = 100;
+ 	_numInventory = 80;
  	
! 	_inventory = (uint16*)alloc(_numInventory * sizeof(uint16));
  	_verbs = (VerbSlot*)alloc(100 * sizeof(VerbSlot));
  	_objs = (ObjectData*)alloc(200 * sizeof(ObjectData));
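Review bot: The `_verbs` and `_objs` allocations right after the changed line still use the literals `100` and `200`, even though `_numVerbs` and `_numLocalObjects` are set to those values just above. This is the same count/size drift the commit removes for `_inventory`. If those counters are meant to describe these arrays (the pairing is inferred from the matching values), `alloc(_numVerbs * sizeof(VerbSlot))` and `alloc(_numLocalObjects * sizeof(ObjectData))` would keep each allocation and its later bounds checks on one source of truth. The object.cpp context in this commit loops to `_maxInventoryItems`; whether that always equals `_numInventory` is not visible here and is worth confirming. The enclosing function starts and ends outside the hunk.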
***************
*** 85,91 ****
  		initActor(a, 1);
  	}
- 
- //	memset(vm.vars, 0, sizeof(vm.vars));
- //	memset(vm.bitvars, 0, sizeof(vm.bitvars));
  
  	_defaultTalkDelay = 60;
--- 86,89 ----

Index: gfx.cpp
===================================================================
RCS file: /cvsroot/scummvm/scummvm/gfx.cpp,v
retrieving revision 1.12
retrieving revision 1.13
diff -C2 -d -r1.12 -r1.13
*** gfx.cpp	2001/11/06 20:00:47	1.12
--- gfx.cpp	2001/11/06 21:29:23	1.13
***************
*** 84,91 ****
  		size += 320*4;
  
! 	memset(createResource(rtBuffer, slot+1, size),0,size);
  
  	if (twobufs) {
! 		memset(createResource(rtBuffer, slot+5, size),0x23,size);
  	}
  
--- 84,91 ----
  		size += 320*4;
  
! 	createResource(rtBuffer, slot+1, size);
  
  	if (twobufs) {
! 		createResource(rtBuffer, slot+5, size);
  	}
  
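Review bot: With the `memset` calls removed, the buffers created for `slot+1` and `slot+5` are only safe to read if `createResource` clears the memory it returns, and that function is not part of this diff. The second buffer was previously filled with `0x23` rather than zero, so its initial contents change even if `createResource` does zero-fill. If zero-fill is now guaranteed, a comment such as `// createResource() returns zeroed memory; no explicit clear needed` at these call sites would record the dependency. The same applies to the `createResource(rtBuffer, 9, size)` call in the next gfx.cpp hunk. The enclosing functions begin and end outside these hunks.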
***************
*** 321,325 ****
  	size = itemsize * gdi._numZBuffer;
  
! 	memset(createResource(rtBuffer, 9, size), 0, size);
  	
  	for (i=0; i<4; i++)
--- 321,325 ----
  	size = itemsize * gdi._numZBuffer;
  
! 	createResource(rtBuffer, 9, size);
  	
  	for (i=0; i<4; i++)
***************
*** 1722,1742 ****
  
  byte Scumm::isMaskActiveAt(int l, int t, int r, int b, byte *mem) {
! 	int w,h,inc,i;
  	
! 	if (l<0 || t<0) {
! 		l = 0;
! 	}
  
! 	mem += b*40 + (l>>3);
  
! 	w = (r>>3) - (l>>3) + 1;
! 	inc = w+40;
! 	h = b-t-1;
  
  	do {
! 		for(i=0; i<w; i++)
  			if (mem[i])
  				return true;
! 		mem -= 40;
  	} while (--h);
  	
--- 1722,1744 ----
  
  byte Scumm::isMaskActiveAt(int l, int t, int r, int b, byte *mem) {
! 	int w,h,i;
  	
! 	l>>=3;
! 	if (l<0) l = 0;
! 	if (t<0) t = 0;
  
! 	r>>=3;
! 	if (r>39) r=39;
  
! 	mem += l + t*40;
  
+ 	w = r-l;
+ 	h = b-t+1;
+ 
  	do {
! 		for(i=0; i<=w; i++)
  			if (mem[i])
  				return true;
! 		mem += 40;
  	} while (--h);
  	
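Review bot: The row count `h = b-t+1` is never validated before the `do ... while (--h)` loop, so a call with `b < t` gives `h <= 0`. The loop then keeps decrementing past zero while `mem` advances 40 bytes per pass, which walks far beyond the mask buffer. `b` also has no upper clamp the way `r` is limited to 39, and `l` is not clamped above 39; the mask's row count is not visible here, so that bound has to come from the buffer's real height. A guard such as `if (w < 0 || h <= 0) return false;` placed just before the loop would close the underflow case. The end of the function lies outside the hunk.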

Index: windows.cpp
===================================================================
RCS file: /cvsroot/scummvm/scummvm/windows.cpp,v
retrieving revision 1.12
retrieving revision 1.13
diff -C2 -d -r1.12 -r1.13
*** windows.cpp	2001/11/06 20:00:47	1.12
--- windows.cpp	2001/11/06 21:29:23	1.13
***************
*** 18,21 ****
--- 18,26 ----
   * Change Log:
   * $Log$
+  * Revision 1.13  2001/11/06 21:29:23  strigeus
+  * fix in save game loader,
+  * sizeof(an element) * number of elements instead of sizeof(a pointer) fixed it,
+  * buffer out of bounds read fixed in Scumm::isMaskActiveAt
+  *
   * Revision 1.12  2001/11/06 20:00:47  strigeus
   * full screen flag,
***************
*** 938,941 ****
--- 943,949 ----
  
  void drawMouse(Scumm *s, int, int, int, byte*, bool) {
+ }
+ 
+ void drawMouse(Scumm *s, int x, int y, int w, int h, byte *buf, bool visible) {
  }
  
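Review bot: The added seven-argument `drawMouse` has an empty body and no comment, and the older six-argument overload is left beside it, also empty. A reader cannot tell which overload callers are expected to use or whether doing nothing is deliberate in this file. A one-line comment on whichever overload is meant to stay, for example `// intentionally empty: <reason>`, would settle that. If the six-argument form has no remaining callers (not visible in this diff), it should be removed.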

Index: resource.cpp
===================================================================
RCS file: /cvsroot/scummvm/scummvm/resource.cpp,v
retrieving revision 1.10
retrieving revision 1.11
diff -C2 -d -r1.10 -r1.11
*** resource.cpp	2001/11/06 20:00:47	1.10
--- resource.cpp	2001/11/06 21:29:23	1.11
***************
*** 707,710 ****
--- 707,711 ----
  	byte best_counter;
  	int best_type, best_res;
+ 	uint32 oldAllocatedSize;
  
  	if (_expire_counter != 0xFF) {
***************
*** 716,719 ****
--- 717,722 ----
  		return;
  
+ 	oldAllocatedSize = _allocatedSize;
+ 
  	do {
  		best_type = 0;
***************
*** 736,739 ****
--- 739,744 ----
  		nukeResource(best_type, best_res);
  	} while (size + _allocatedSize > _minHeapThreshold);
+ 
+ 	debug(1, "Expired resources, mem %d -> %d", oldAllocatedSize, _allocatedSize);
  }
  
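Review bot: `oldAllocatedSize` is declared `uint32` but the added `debug` call prints it with `%d`. Assuming `debug` forwards to a printf-style formatter, the conversion does not match the argument type, and where `uint32` is not the same width as `int` the following argument would be misread as well. `debug(1, "Expired resources, mem %u -> %u", (unsigned)oldAllocatedSize, (unsigned)_allocatedSize);` keeps conversions and arguments in step; the declared type of `_allocatedSize` is not visible in this diff. The function begins above the first resource.cpp hunk.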

Index: object.cpp
===================================================================
RCS file: /cvsroot/scummvm/scummvm/object.cpp,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -d -r1.9 -r1.10
*** object.cpp	2001/11/06 20:00:47	1.9
--- object.cpp	2001/11/06 21:29:23	1.10
***************
*** 86,89 ****
--- 86,91 ----
  	int i;
  
+ 	assert(object>=0 && object < _numGlobalObjects);
+ 
  	if ((_objectFlagTable[object]&0xF)!=0xF) {
  		for (i=0; i<_maxInventoryItems; i++)
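Review bot: The added `assert(object>=0 && object < _numGlobalObjects);` is the only guard before the `_objectFlagTable[object]` index on the next line. `assert` compiles to nothing when `NDEBUG` is defined, so a release build would still index the table unchecked. If `object` can originate from script bytecode or a loaded save game (not visible here), the check should survive release builds: test `object < 0 || object >= _numGlobalObjects` in an ordinary `if` and take the project's fatal-error path. The `assert(objptr);` added in script.cpp in this commit has the same limitation before `objptr` is passed to `findResource`. The enclosing function starts and ends outside the hunk.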

Index: saveload.cpp
===================================================================
RCS file: /cvsroot/scummvm/scummvm/saveload.cpp,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** saveload.cpp	2001/11/06 20:00:47	1.8
--- saveload.cpp	2001/11/06 21:29:23	1.9
***************
*** 80,89 ****
  
  	openRoom(-1);
! 	memset(_inventory, 0, sizeof(_inventory));
  
  	/* Nuke all resources */
! 	for (i=1; i<16; i++)
! 		if (!(i==13 || i==12 || i==10 || res.mode[i]))
! 			for(j=1; j<res.num[i]; j++)
  				nukeResource(i,j);
  
--- 80,89 ----
  
  	openRoom(-1);
! 	memset(_inventory, 0, sizeof(_inventory[0])*_numInventory);
  
  	/* Nuke all resources */
! 	for (i=1; i<=16; i++)
! 		if (!(i==rtFlObject || i==rtTemp || i==rtBuffer || res.mode[i]))
! 			for(j=0; j<res.num[i]; j++)
  				nukeResource(i,j);
  
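Review bot: Raising the outer bound to `i<=16` means `res.mode[16]` and `res.num[16]` are now read, and the sizes of those arrays are not visible in this diff. If they hold only 16 entries, this is a one-past-the-end read whose value then drives the `nukeResource` loop. The excluded types were switched to named constants (`rtFlObject`, `rtTemp`, `rtBuffer`), but the bound is still a bare literal. Deriving it from the last resource-type enumerator, or from a count constant declared next to `res`, would keep the loop and the arrays in step. The enclosing function starts and ends outside the hunk.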

Index: script.cpp
===================================================================
RCS file: /cvsroot/scummvm/scummvm/script.cpp,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** script.cpp	2001/11/06 20:00:47	1.7
--- script.cpp	2001/11/06 21:29:23	1.8
***************
*** 708,711 ****
--- 708,712 ----
  
  	objptr = getObjectAddress(obj);
+ 	assert(objptr);
  
  	verbptr = findResource(MKID('VERB'), objptr, 0);




