[Scummvm-cvs-logs] SF.net SVN: scummvm: [22134] scummvm/trunk/engines/simon

kirben at users.sourceforge.net kirben at users.sourceforge.net
Sun Apr 23 23:47:04 CEST 2006


Revision: 22134
Author:   kirben
Date:     2006-04-23 23:46:31 -0700 (Sun, 23 Apr 2006)
ViewCVS:  http://svn.sourceforge.net/scummvm/?rev=22134&view=rev

Log Message:
-----------
Restrict variables sizes, when reading from vcReadNextWord(), to prevent overflows

Modified Paths:
--------------
    scummvm/trunk/engines/simon/simon.h
    scummvm/trunk/engines/simon/vga.cpp
Modified: scummvm/trunk/engines/simon/simon.h
===================================================================
--- scummvm/trunk/engines/simon/simon.h	2006-04-24 06:02:47 UTC (rev 22133)
+++ scummvm/trunk/engines/simon/simon.h	2006-04-24 06:46:31 UTC (rev 22134)
@@ -1027,7 +1027,7 @@
 	void vcWriteVar(uint var, int16 value);
 	void vcSkipNextInstruction();
 
-	int getScale(int y, int x);
+	int getScale(int16 y, int16 x);
 	void checkScrollX(int16 x, int16 xpos);
 	void checkScrollY(int16 y, int16 ypos);
 	void centreScroll();

Modified: scummvm/trunk/engines/simon/vga.cpp
===================================================================
--- scummvm/trunk/engines/simon/vga.cpp	2006-04-24 06:02:47 UTC (rev 22133)
+++ scummvm/trunk/engines/simon/vga.cpp	2006-04-24 06:46:31 UTC (rev 22134)
@@ -219,14 +219,15 @@
 		6, 4, 2, 6, 0
 	};
 
+	uint16 opcode;
 	if (getGameType() == GType_FF) {
-		uint opcode = vcReadNextByte();
+		opcode = vcReadNextByte();
 		_vcPtr += opcodeParamLenFeebleFiles[opcode];
 	} else if (getGameType() == GType_SIMON2) {
-		uint opcode = vcReadNextByte();
+		opcode = vcReadNextByte();
 		_vcPtr += opcodeParamLenSimon2[opcode];
 	} else {
-		uint opcode = vcReadNextWord();
+		opcode = vcReadNextWord();
 		_vcPtr += opcodeParamLenSimon1[opcode];
 	}
 
@@ -414,8 +415,8 @@
 }
 
 void SimonEngine::vc5_skip_if_neq() {
-	uint var = vcReadNextWord();
-	uint value = vcReadNextWord();
+	uint16 var = vcReadNextWord();
+	uint16 value = vcReadNextWord();
 	if (vcReadVar(var) != value)
 		vcSkipNextInstruction();
 }
@@ -431,15 +432,15 @@
 }
 
 void SimonEngine::vc8_skip_if_parent_is() {
-	uint a = vcReadNextWord();
-	uint b = vcReadNextWord();
+	uint16 a = vcReadNextWord();
+	uint16 b = vcReadNextWord();
 	if (!itemIsParentOf(a, b))
 		vcSkipNextInstruction();
 }
 
 void SimonEngine::vc9_skip_if_unk3_is() {
-	uint a = vcReadNextWord();
-	uint b = vcReadNextWord();
+	uint16 a = vcReadNextWord();
+	uint16 b = vcReadNextWord();
 	if (!vc_maybe_skip_proc_1(a, b))
 		vcSkipNextInstruction();
 }
@@ -1417,7 +1418,7 @@
 
 void SimonEngine::vc12_delay() {
 	VgaSprite *vsp = findCurSprite();
-	uint num;
+	uint16 num;
 
 	if (getGameType() == GType_FF) {
 		num = vcReadNextByte();
@@ -1485,7 +1486,7 @@
 }
 
 void SimonEngine::vc17_setPathfinderItem() {
-	uint a = vcReadNextWord();
+	uint16 a = vcReadNextWord();
 	_pathFindArray[a - 1] = (const uint16 *)_vcPtr;
 
 	int end = (getGameType() == GType_FF) ? 9999 : 999;
@@ -1534,8 +1535,8 @@
 }
 
 void SimonEngine::vc22_setSpritePalette() {
-	uint a = vcReadNextWord();
-	uint b = vcReadNextWord();
+	uint16 a = vcReadNextWord();
+	uint16 b = vcReadNextWord();
 	uint num = a == 0 ? 32 : 16;
 	uint palSize = 96;
 	byte *palptr, *src;
@@ -1723,8 +1724,8 @@
 
 void SimonEngine::vc36_setWindowImage() {
 	_updateScreen = false;
-	uint vga_res = vcReadNextWord();
-	uint windowNum = vcReadNextWord();
+	uint16 vga_res = vcReadNextWord();
+	uint16 windowNum = vcReadNextWord();
 
 	if (getGameType() == GType_FF) {
 		// TODO
@@ -1746,19 +1747,19 @@
 }
 
 void SimonEngine::vc38_skipIfVarZero() {
-	uint var = vcReadNextWord();
+	uint16 var = vcReadNextWord();
 	if (vcReadVar(var) == 0)
 		vcSkipNextInstruction();
 }
 
 void SimonEngine::vc39_setVar() {
-	uint var = vcReadNextWord();
+	uint16 var = vcReadNextWord();
 	int16 value = vcReadNextWord();
 	vcWriteVar(var, value);
 }
 
 void SimonEngine::vc40() {
-	uint var = vcReadNextWord();
+	uint16 var = vcReadNextWord();
 	int16 value = vcReadVar(var) + vcReadNextWord();
 
 	if ((getGameType() == GType_SIMON2) && var == 15 && !getBitFlag(80)) {
@@ -1787,7 +1788,7 @@
 }
 
 void SimonEngine::vc41() {
-	uint var = vcReadNextWord();
+	uint16 var = vcReadNextWord();
 	int16 value = vcReadVar(var) - vcReadNextWord();
 
 	if ((getGameType() == GType_SIMON2) && var == 15 && !getBitFlag(80)) {
@@ -1813,7 +1814,7 @@
 }
 
 void SimonEngine::vc42_delayIfNotEQ() {
-	uint val = vcReadVar(vcReadNextWord());
+	uint16 val = vcReadVar(vcReadNextWord());
 	if (val != vcReadNextWord()) {
 
 		addVgaEvent(_frameRate + 1, _vcPtr - 4, _vgaCurSpriteId, _vgaCurZoneNum);
@@ -1846,12 +1847,12 @@
 }
 
 void SimonEngine::vc47_addToVar() {
-	uint var = vcReadNextWord();
+	uint16 var = vcReadNextWord();
 	vcWriteVar(var, vcReadVar(var) + vcReadVar(vcReadNextWord()));
 }
 
 void SimonEngine::vc48_setPathFinder() {
-	uint a = (uint16)_variableArrayPtr[12];
+	uint16 a = (uint16)_variableArrayPtr[12];
 	const uint16 *p = _pathFindArray[a - 1];
 
 	if (getGameType() == GType_FF) {
@@ -1934,7 +1935,7 @@
 }
 
 void SimonEngine::vc49_setBit() {
-	uint bit = vcReadNextWord();
+	uint16 bit = vcReadNextWord();
 	if (getGameType() == GType_FF && bit == 82) {
 		_variableArrayPtr = _variableArray2;
 	}
@@ -1942,7 +1943,7 @@
 }
 
 void SimonEngine::vc50_clearBit() {
-	uint bit = vcReadNextWord();
+	uint16 bit = vcReadNextWord();
 	if (getGameType() == GType_FF && bit == 82) {
 		_variableArrayPtr = _variableArray;
 	}
@@ -2032,7 +2033,7 @@
 }
 
 void SimonEngine::vc56_delay() {
-	uint num = vcReadVarOrWord() * _frameRate;
+	uint16 num = vcReadVarOrWord() * _frameRate;
 
 	addVgaEvent(num + VGA_DELAY_BASE, _vcPtr, _vgaCurSpriteId, _vgaCurZoneNum);
 	_vcPtr = (byte *)&_vc_get_out_of_code;
@@ -2043,9 +2044,9 @@
 		if (!_sound->isVoiceActive())
 			vcSkipNextInstruction();
 	} else {
-		uint file = vcReadNextWord();
-		uint start = vcReadNextWord();
-		uint end = vcReadNextWord() + 1;
+		uint16 file = vcReadNextWord();
+		uint16 start = vcReadNextWord();
+		uint16 end = vcReadNextWord() + 1;
 
 		do {
 			vc_kill_sprite(file, start);
@@ -2054,8 +2055,8 @@
 }
 
 void SimonEngine::vc58() {
-	uint sprite = _vgaCurSpriteId;
-	uint file = _vgaCurZoneNum;
+	uint16 sprite = _vgaCurSpriteId;
+	uint16 file = _vgaCurZoneNum;
 	const byte *vc_ptr_org;
 	uint16 tmp;
 
@@ -2123,14 +2124,14 @@
 }
 
 void SimonEngine::vc60_killSprite() {
-	uint zoneNum;
+	uint16 zoneNum;
 
 	if (getGameType() == GType_SIMON1) {
 		zoneNum = _vgaCurZoneNum;
 	} else {
 		zoneNum = vcReadNextWord();
 	}
-	uint sprite = vcReadNextWord();
+	uint16 sprite = vcReadNextWord();
 	vc_kill_sprite(zoneNum, sprite);
 }
 
@@ -2252,24 +2253,24 @@
 }
 
 void SimonEngine::vc66_skipIfNotEqual() {
-	uint a = vcReadNextWord();
-	uint b = vcReadNextWord();
+	uint16 a = vcReadNextWord();
+	uint16 b = vcReadNextWord();
 
 	if (vcReadVar(a) != vcReadVar(b))
 		vcSkipNextInstruction();
 }
 
 void SimonEngine::vc67_skipIfGE() {
-	uint a = vcReadNextWord();
-	uint b = vcReadNextWord();
+	uint16 a = vcReadNextWord();
+	uint16 b = vcReadNextWord();
 
 	if (vcReadVar(a) >= vcReadVar(b))
 		vcSkipNextInstruction();
 }
 
 void SimonEngine::vc68_skipIfLE() {
-	uint a = vcReadNextWord();
-	uint b = vcReadNextWord();
+	uint16 a = vcReadNextWord();
+	uint16 b = vcReadNextWord();
 
 	if (vcReadVar(a) <= vcReadVar(b))
 		vcSkipNextInstruction();
@@ -2356,22 +2357,22 @@
 	_marks &= ~(1 << vcReadNextWord());
 }
 
-int SimonEngine::getScale(int y, int x) {
-	int z;
+int SimonEngine::getScale(int16 y, int16 x) {
+	int16 z;
 
 	if (y > _baseY) {
-		return((int)(x * (1 + ((y - _baseY) * _scale))));
+		return((int16)(x * (1 + ((y - _baseY) * _scale))));
 	} else {	
 		if (x == 0)
 			return(0);
 		if (x < 0) {
-			z = ((int)((x * (1 - ((_baseY - y)* _scale))) - 0.5));
+			z = ((int16)((x * (1 - ((_baseY - y)* _scale))) - 0.5));
 			if (z >- 2)
 				return(-2);
 			return(z);
 		}
 
-		z=((int)((x * (1 - ((_baseY-y) * _scale))) + 0.5));
+		z = ((int16)((x * (1 - ((_baseY - y) * _scale))) + 0.5));
 		if (z < 2)
 			return(2);
 
@@ -2389,7 +2390,7 @@
 
 	vsp->image = vcReadNextWord();
 	int16 x = vcReadNextWord();
-	int var = vcReadNextWord();
+	uint16 var = vcReadNextWord();
 
 	vsp->x += getScale(vsp->y, x);
 	_variableArrayPtr[var] = vsp->x;
@@ -2404,7 +2405,7 @@
 
 	vsp->image = vcReadNextWord();
 	int16 y = vcReadNextWord();
-	int var = vcReadNextWord();
+	uint16 var = vcReadNextWord();
 
 	vsp->y += getScale(vsp->y, y);
 	_variableArrayPtr[var] = vsp->y;
@@ -2418,8 +2419,8 @@
 void SimonEngine::vc78_computeXY() {
 	VgaSprite *vsp = findCurSprite();
 
-	uint a = (uint16)_variableArrayPtr[12];
-	uint b = (uint16)_variableArrayPtr[13];
+	uint16 a = (uint16)_variableArrayPtr[12];
+	uint16 b = (uint16)_variableArrayPtr[13];
 
 	const uint16 *p = _pathFindArray[a - 1];
 	p += b * 2;
@@ -2465,8 +2466,8 @@
 }
 
 void SimonEngine::vc81_setRandom() {
-	uint var = vcReadNextWord();
-	uint value = vcReadNextWord();
+	uint16 var = vcReadNextWord();
+	uint16 value = vcReadNextWord();
 	writeVariable(var, _rnd.getRandomNumber(value - 1));
 }
 
@@ -2485,7 +2486,7 @@
 }
 
 void SimonEngine::vc83_playSoundLoop() {
-	uint sound = vcReadNextWord();
+	uint16 sound = vcReadNextWord();
 	int16 vol = vcReadNextWord();
 	int16 pan = vcReadNextWord();
 


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.





More information about the Scummvm-git-logs mailing list