[Scummvm-cvs-logs] SF.net SVN: scummvm: [22330] scummvm/trunk/engines/simon

[kirben at users.sourceforge.net]

Revision: 22330
Author:   kirben
Date:     2006-05-03 23:18:19 -0700 (Wed, 03 May 2006)
ViewCVS:  http://svn.sourceforge.net/scummvm/?rev=22330&view=rev

Log Message:
-----------
Don't read beyond imageCount, when looking for image

Modified Paths:
--------------
    scummvm/trunk/engines/simon/simon.cpp
    scummvm/trunk/engines/simon/vga.cpp
Modified: scummvm/trunk/engines/simon/simon.cpp
===================================================================
--- scummvm/trunk/engines/simon/simon.cpp	2006-05-04 05:13:02 UTC (rev 22329)
+++ scummvm/trunk/engines/simon/simon.cpp	2006-05-04 06:18:19 UTC (rev 22330)
@@ -1414,7 +1414,7 @@
 	uint num, num_lines;
 	VgaPointersEntry *vpe;
 	byte *bb, *b;
-	// uint16 count;
+	uint16 count;
 	const byte *vc_ptr_org;
 
 	_windowNum = mode;
@@ -1454,18 +1454,27 @@
 
 	if (getGameType() == GType_FF) {
 		b = bb + READ_LE_UINT16(&((VgaFileHeader_Feeble *) bb)->hdr2_start);
-		//count = READ_LE_UINT16(&((VgaFileHeader2_Feeble *) b)->imageCount);
+		count = READ_LE_UINT16(&((VgaFileHeader2_Feeble *) b)->imageCount);
 		b = bb + READ_LE_UINT16(&((VgaFileHeader2_Feeble *) b)->imageTable);
 
-		while (READ_LE_UINT16(&((ImageHeader_Feeble *) b)->id) != vga_res_id)
+		while (count--) {
+			if (READ_LE_UINT16(&((ImageHeader_Feeble *) b)->id) == vga_res_id)
+				break;
 			b += sizeof(ImageHeader_Feeble);
+		}
+		assert(READ_LE_UINT16(&((ImageHeader_Feeble *) b)->id) == vga_res_id);
+
 	} else {
 		b = bb + READ_BE_UINT16(&((VgaFileHeader_Simon *) bb)->hdr2_start);
-		//count = READ_BE_UINT16(&((VgaFileHeader2_Simon *) b)->imageCount);
+		count = READ_BE_UINT16(&((VgaFileHeader2_Simon *) b)->imageCount);
 		b = bb + READ_BE_UINT16(&((VgaFileHeader2_Simon *) b)->imageTable);
 
-		while (READ_BE_UINT16(&((ImageHeader_Simon *) b)->id) != vga_res_id)
+		while (count--) {
+			if (READ_BE_UINT16(&((ImageHeader_Simon *) b)->id) == vga_res_id)
+				break;
 			b += sizeof(ImageHeader_Simon);
+		}
+		assert(READ_BE_UINT16(&((ImageHeader_Simon *) b)->id) == vga_res_id);
 	}
 
 	if (getGameType() == GType_SIMON1) {

Modified: scummvm/trunk/engines/simon/vga.cpp
===================================================================
--- scummvm/trunk/engines/simon/vga.cpp	2006-05-04 05:13:02 UTC (rev 22329)
+++ scummvm/trunk/engines/simon/vga.cpp	2006-05-04 06:18:19 UTC (rev 22330)
@@ -297,7 +297,7 @@
 
 void SimonEngine::vc2_call() {
 	VgaPointersEntry *vpe;
-	uint16 num, res;
+	uint16 count, num, res;
 	byte *old_file_1, *old_file_2;
 	byte *b, *bb;
 	const byte *vc_ptr_org;
@@ -326,16 +326,26 @@
 	bb = _curVgaFile1;
 	if (getGameType() == GType_FF) {
 		b = bb + READ_LE_UINT16(&((VgaFileHeader_Feeble *) bb)->hdr2_start);
+		count = READ_LE_UINT16(&((VgaFileHeader2_Feeble *) b)->imageCount);
 		b = bb + READ_LE_UINT16(&((VgaFileHeader2_Feeble *) b)->imageTable);
 
-		while (READ_LE_UINT16(&((ImageHeader_Feeble *) b)->id) != num)
+		while (count--) {
+			if (READ_LE_UINT16(&((ImageHeader_Feeble *) b)->id) == num)
+				break;
 			b += sizeof(ImageHeader_Feeble);
+		}
+		assert(READ_LE_UINT16(&((ImageHeader_Feeble *) b)->id) == num);
 	} else {
 		b = bb + READ_BE_UINT16(&((VgaFileHeader_Simon *) bb)->hdr2_start);
+		count = READ_BE_UINT16(&((VgaFileHeader2_Simon *) b)->imageCount);
 		b = bb + READ_BE_UINT16(&((VgaFileHeader2_Simon *) b)->imageTable);
 
-		while (READ_BE_UINT16(&((ImageHeader_Simon *) b)->id) != num)
+		while (count--) {
+			if (READ_BE_UINT16(&((ImageHeader_Simon *) b)->id) == num)
+				break;
 			b += sizeof(ImageHeader_Simon);
+		}
+		assert(READ_BE_UINT16(&((ImageHeader_Simon *) b)->id) == num);
 	}
 
 	vc_ptr_org = _vcPtr;


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.