[Scummvm-cvs-logs] SF.net SVN: scummvm: [24866] scummvm/trunk/engines/gob/draw_v2.cpp

drmccoy at users.sourceforge.net drmccoy at users.sourceforge.net
Sun Dec 17 22:21:51 CET 2006 

Revision: 24866
          http://scummvm.svn.sourceforge.net/scummvm/?rev=24866&view=rev
Author:   drmccoy
Date:     2006-12-17 13:20:51 -0800 (Sun, 17 Dec 2006)

Log Message:
-----------
Added a range check in Draw_v2::printText(), fixing invalid reads. It *shouldn't* pose any problem
s

Modified Paths:
--------------
    scummvm/trunk/engines/gob/draw_v2.cpp

Modified: scummvm/trunk/engines/gob/draw_v2.cpp
===================================================================
--- scummvm/trunk/engines/gob/draw_v2.cpp	2006-12-17 19:41:41 UTC (rev 24865)
+++ scummvm/trunk/engines/gob/draw_v2.cpp	2006-12-17 21:20:51 UTC (rev 24866)
@@ -118,6 +118,7 @@
 	int16 strPosBak;
 	int16 maskChar;
 	int16 width;
+	int16 size;
 
 	index = _vm->_inter->load16();
 
@@ -126,6 +127,7 @@
 	if ((_vm->_game->_totTextData == 0) || (_vm->_game->_totTextData->dataPtr == 0))
 		return;
 
+	size = _vm->_game->_totTextData->items[index].size;
 	dataPtr = _vm->_game->_totTextData->dataPtr + _vm->_game->_totTextData->items[index].offset;
 	ptr = dataPtr;
 
@@ -158,7 +160,7 @@
 
 	ptr += 8;
 
-	_backColor = *ptr++;
+	_backColor = (byte) *ptr++;
 	_transparency = 1;
 
 	spriteOperation(DRAW_CLEARRECT);
@@ -189,7 +191,9 @@
 	}
 	ptr += 2;
 
-	for (ptr2 = ptr; *ptr2 != 1; ptr2++) {
+	// Adding the boundary check *shouldn't* pose any problems, since access behind
+	// that point should be forbidden anyway.
+	for (i = 0, ptr2 = ptr; ((ptr2 - dataPtr) < size) && (*ptr2 != 1); ptr2++, i++) {
 		if ((_vm->_game->_totFileData[0x29] < 0x32) && (*ptr2 > 3) && (*ptr2 < 32))
 			*ptr2 = 32;
 
@@ -226,7 +230,7 @@
 			break;
 
 		case 10:
-			ptr2 += (ptr2[1] * 2) + 2;
+			ptr2 += (((byte) ptr2[1]) * 2) + 2;
 			break;
 
 		default:
@@ -337,7 +341,7 @@
 
 		case 4:
 			ptr++;
-			frontColor = *ptr++;
+			frontColor = (byte) *ptr++;
 			break;
 
 		case 6:


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

More information about the Scummvm-git-logs mailing list