[Scummvm-cvs-logs] SF.net SVN: scummvm:[53726] scummvm/trunk/engines/scumm
Kirben at users.sourceforge.net
Kirben at users.sourceforge.net
Sat Oct 23 04:18:09 CEST 2010
Revision: 53726
http://scummvm.svn.sourceforge.net/scummvm/?rev=53726&view=rev
Author: Kirben
Date: 2010-10-23 02:18:08 +0000 (Sat, 23 Oct 2010)
Log Message:
-----------
SCUMM: Fix a buffer overflow that was causing crashes when saving in Backyard Baseball 2001/2003.
Modified Paths:
--------------
scummvm/trunk/engines/scumm/he/script_v100he.cpp
scummvm/trunk/engines/scumm/he/script_v60he.cpp
scummvm/trunk/engines/scumm/he/script_v72he.cpp
scummvm/trunk/engines/scumm/scumm.cpp
scummvm/trunk/engines/scumm/scumm.h
Modified: scummvm/trunk/engines/scumm/he/script_v100he.cpp
===================================================================
--- scummvm/trunk/engines/scumm/he/script_v100he.cpp 2010-10-23 00:30:21 UTC (rev 53725)
+++ scummvm/trunk/engines/scumm/he/script_v100he.cpp 2010-10-23 02:18:08 UTC (rev 53726)
@@ -1623,13 +1623,11 @@
case 137:
byte buffer[256];
- int r;
copyScriptString((byte *)buffer, sizeof(buffer));
- r = convertFilePath(buffer, sizeof(buffer));
- memcpy(_saveLoadFileName, buffer + r, sizeof(buffer) - r);
- debug(1, "o100_roomOps: case 137: filename %s", _saveLoadFileName);
+ _saveLoadFileName = (char *)buffer + convertFilePath(buffer, sizeof(buffer));
+ debug(1, "o100_roomOps: case 137: filename %s", _saveLoadFileName.c_str());
_saveLoadFlag = pop();
_saveLoadSlot = 255;
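Review bot: The new assignment `_saveLoadFileName = (char *)buffer + convertFilePath(buffer, sizeof(buffer));` in case 137 reads the name as an unbounded C string, so it is only safe if copyScriptString() leaves a NUL inside the 256-byte buffer and the offset returned by convertFilePath() stays within it; neither guarantee is visible in this hunk. Since the string comes from game script data, I would force termination before the assignment with `buffer[sizeof(buffer) - 1] = 0;`, or at least add a comment naming the helper that guarantees it. The same pattern is added in case 221 of script_v60he.cpp (100-byte buffer, filled by convertMessageToString()) and case 221 of script_v72he.cpp. The case body belongs to a function that starts and ends outside the hunk.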
Modified: scummvm/trunk/engines/scumm/he/script_v60he.cpp
===================================================================
--- scummvm/trunk/engines/scumm/he/script_v60he.cpp 2010-10-23 00:30:21 UTC (rev 53725)
+++ scummvm/trunk/engines/scumm/he/script_v60he.cpp 2010-10-23 02:18:08 UTC (rev 53726)
@@ -283,15 +283,14 @@
break;
case 221:
byte buffer[100];
- int len, r;
+ int len;
convertMessageToString(_scriptPointer, buffer, sizeof(buffer));
len = resStrLen(_scriptPointer);
_scriptPointer += len + 1;
- r = convertFilePath(buffer, sizeof(buffer));
- memcpy(_saveLoadFileName, buffer + r, sizeof(buffer) - r);
- debug(1, "o60_roomOps: case 221: filename %s", _saveLoadFileName);
+ _saveLoadFileName = (char *)buffer + convertFilePath(buffer, sizeof(buffer));
+ debug(1, "o60_roomOps: case 221: filename %s", _saveLoadFileName.c_str());
_saveLoadFlag = pop();
_saveLoadSlot = 255;
Modified: scummvm/trunk/engines/scumm/he/script_v72he.cpp
===================================================================
--- scummvm/trunk/engines/scumm/he/script_v72he.cpp 2010-10-23 00:30:21 UTC (rev 53725)
+++ scummvm/trunk/engines/scumm/he/script_v72he.cpp 2010-10-23 02:18:08 UTC (rev 53726)
@@ -711,13 +711,11 @@
case 221:
byte buffer[256];
- int r;
copyScriptString((byte *)buffer, sizeof(buffer));
- r = convertFilePath(buffer, sizeof(buffer));
- memcpy(_saveLoadFileName, buffer + r, sizeof(buffer) - r);
- debug(1, "o72_roomOps: case 221: filename %s", _saveLoadFileName);
+ _saveLoadFileName = (char *)buffer + convertFilePath(buffer, sizeof(buffer));
+ debug(1, "o72_roomOps: case 221: filename %s", _saveLoadFileName.c_str());
_saveLoadFlag = pop();
_saveLoadSlot = 255;
Modified: scummvm/trunk/engines/scumm/scumm.cpp
===================================================================
--- scummvm/trunk/engines/scumm/scumm.cpp 2010-10-23 00:30:21 UTC (rev 53725)
+++ scummvm/trunk/engines/scumm/scumm.cpp 2010-10-23 02:18:08 UTC (rev 53726)
@@ -210,7 +210,6 @@
_saveLoadSlot = 0;
_lastSaveTime = 0;
_saveTemporaryState = false;
- memset(_saveLoadFileName, 0, sizeof(_saveLoadFileName));
memset(_saveLoadName, 0, sizeof(_saveLoadName));
memset(_localScriptOffsets, 0, sizeof(_localScriptOffsets));
_scriptPointer = NULL;
Modified: scummvm/trunk/engines/scumm/scumm.h
===================================================================
--- scummvm/trunk/engines/scumm/scumm.h 2010-10-23 00:30:21 UTC (rev 53725)
+++ scummvm/trunk/engines/scumm/scumm.h 2010-10-23 02:18:08 UTC (rev 53726)
@@ -659,7 +659,7 @@
byte _saveLoadFlag, _saveLoadSlot;
uint32 _lastSaveTime;
bool _saveTemporaryState;
- char _saveLoadFileName[32];
+ Common::String _saveLoadFileName;
char _saveLoadName[32];
bool saveState(Common::OutSaveFile *out, bool writeHeader = true);
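Review bot: `_saveLoadFileName` has no comment saying where its value comes from, and after this change it no longer has a fixed 32-byte bound. The other hunks of this commit fill it from a script string, so I would document that on the declaration, for example `// File name taken from an HE room-op script; length is not bounded, validate before using it as a path`. How the name is later used to open files is not visible here, so whether further validation is needed should be confirmed against the save/load code. The enclosing class starts and ends outside the hunk.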