[Scummvm-cvs-logs] SF.net SVN: scummvm:[52561] scummvm/trunk/engines/sci/engine/kscripts.cpp

lordhoto at users.sourceforge.net
Sun Sep 5 16:59:09 CEST 2010


Revision: 52561
          http://scummvm.svn.sourceforge.net/scummvm/?rev=52561&view=rev
Author:   lordhoto
Date:     2010-09-05 14:59:09 +0000 (Sun, 05 Sep 2010)

Log Message:
-----------
SCI: Fix bugs #3035650 and #3039566, crash in PEPPER demo and LAURABOW2.

The actual names for the bug reports are:
 #3035650 "PEPPER non-interactive demo: Crash"
 #3039566 "LAURABOW2: Crash during introduction"

Those crashes were caused by an invalid memory dereference in kClone. This
in turn was happening because the parent object pointer might have been
invalidated in cases where the parent object is also a clone.
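The mechanism the log message describes, as an added illustration that is not part of the commit or of ScummVM's code: a raw pointer into a growable table dangles once an allocation forces the backing storage to move, and the safe pattern is to keep the segment-plus-offset handle and re-resolve it after the allocation. `Object`, `Ref`, `SegManager`, `getObject()` and `allocateClone()` below are hypothetical stand-ins shaped after the names in the patch; the growable table is modelled with std::vector, which has the same reallocation behaviour as Common::Array.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical stand-ins for ScummVM's Object / reg_t / SegManager.
struct Object {
    int species;
    bool isClone;
};

struct Ref {              // segment + offset handle, the analogue of reg_t
    int segment;
    std::size_t offset;
};

enum { SCRIPT_SEG = 1, CLONES_SEG = 2 };

struct SegManager {
    std::vector<Object> scripts;  // static script objects; not grown by cloning
    std::vector<Object> clones;   // the clones table; grows on every allocateClone()

    // Resolves a handle to the object's *current* address. Handles stay valid
    // across growth; the returned pointer does not.
    Object *getObject(Ref r) {
        std::vector<Object> &seg = (r.segment == CLONES_SEG) ? clones : scripts;
        return r.offset < seg.size() ? &seg[r.offset] : nullptr;
    }

    // Appending may reallocate `clones`, moving every existing clone.
    Ref allocateClone() {
        clones.push_back(Object{0, false});
        return Ref{CLONES_SEG, clones.size() - 1};
    }
};

// The hazard: the parent's address before allocateClone() differs from its
// address afterwards once the table reallocates. Only addresses are compared;
// the stale pointer is never dereferenced.
bool pointerInvalidatedByGrowth() {
    SegManager segMan;
    segMan.clones.reserve(1);                      // capacity 1: the 2nd push must grow
    Ref parent = segMan.allocateClone();
    auto before = reinterpret_cast<std::uintptr_t>(segMan.getObject(parent));
    segMan.allocateClone();                        // reallocates: elements move
    auto after = reinterpret_cast<std::uintptr_t>(segMan.getObject(parent));
    return before != after;
}

// The corrected pattern from the commit: record whether the parent is a clone
// before allocating, allocate, then re-resolve the parent through its handle
// before copying from it. Returns a segment-0 Ref for an invalid parent.
Ref kCloneFixed(SegManager &segMan, Ref parentAddr) {
    const Object *parentObj = segMan.getObject(parentAddr);
    if (!parentObj)
        return Ref{0, 0};
    const bool parentIsClone = parentObj->isClone;

    Ref cloneAddr = segMan.allocateClone();        // may reallocate the clones table

    if (parentIsClone)
        parentObj = segMan.getObject(parentAddr);  // refresh: parent lives in the table that grew

    Object *cloneObj = segMan.getObject(cloneAddr);
    *cloneObj = *parentObj;
    cloneObj->isClone = true;                      // mark as clone
    return cloneAddr;
}

// The reported case: cloning a clone. During the second call the parent sits
// in the clones table, and the allocation grows that table.
int cloneOfCloneSpecies() {
    SegManager segMan;
    segMan.scripts.push_back(Object{7, false});   // constructed sample object
    segMan.clones.reserve(1);
    Ref base   = Ref{SCRIPT_SEG, 0};
    Ref first  = kCloneFixed(segMan, base);        // parent is a script object
    Ref second = kCloneFixed(segMan, first);       // parent is a clone; table grows
    return segMan.getObject(second)->species;
}
```

The refresh is cheap (one handle lookup), so an implementation could also re-resolve the parent unconditionally rather than tracking `parentIsClone`; the conditional form mirrors the patch as committed.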

Modified Paths:
--------------
    scummvm/trunk/engines/sci/engine/kscripts.cpp

Modified: scummvm/trunk/engines/sci/engine/kscripts.cpp
===================================================================
--- scummvm/trunk/engines/sci/engine/kscripts.cpp	2010-09-05 13:51:47 UTC (rev 52560)
+++ scummvm/trunk/engines/sci/engine/kscripts.cpp	2010-09-05 14:59:09 UTC (rev 52561)
@@ -145,6 +145,7 @@
 reg_t kClone(EngineState *s, int argc, reg_t *argv) {
 	reg_t parent_addr = argv[0];
 	const Object *parent_obj = s->_segMan->getObject(parent_addr);
+	const bool parentIsClone = parent_obj->isClone();
 	reg_t clone_addr;
 	Clone *clone_obj; // same as Object*
 
@@ -162,6 +163,18 @@
 		return NULL_REG;
 	}
 
+	// In case the parent object is a clone itself we need to refresh our
+	// pointer to it here. This is because calling allocateClone might
+	// invalidate all pointers, references and iterators to data in the clones
+	// segment.
+	//
+	// The reason why it might invalidate those is, that the segement code
+	// (Table) uses Common::Array for internal storage. Common::Array now
+	// might invalidate references to its contained data, when it has to
+	// extend the internal storage size.
+	if (parentIsClone)
+		parent_obj = s->_segMan->getObject(parent_addr);
+
 	*clone_obj = *parent_obj;
 
 	// Mark as clone
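Review bot: the refresh `parent_obj = s->_segMan->getObject(parent_addr);` is the right fix, but making it conditional on `parentIsClone` buys little (a single lookup) and ties correctness to the flag computed before the checks in the previous hunk; an unconditional re-resolve after allocateClone would be simpler and equally correct for script-segment parents. Also fix the typo "segement" in the comment, and consider noting in that comment that the same rule applies to any pointer into the clones segment held across an allocation, since the comment is the only documentation of this Common::Array reallocation hazard.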

