[Scummvm-cvs-logs] scummvm master -> ea2ee4ada7a55ba4b4e65eaa649464f4b4242b01

bluegr bluegr at gmail.com
Wed Aug 6 14:13:01 CEST 2014


This automated email contains information about 4 new commits which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .

Summary:
1f2db34042 TOLTECS: Blacklist a pirated CD-RIP version (bug #6690)
672a46b84f DETECTOR: Do not show the zero matched size for illegitimate copies
9eb88328ca SCI: Fix script bug #6692 - QFG3: Crash when speaking at the top of the giant tree
ea2ee4ada7 SAGA: Fix OOB access in the Shorten decoder


Commit: 1f2db3404214088654d24616d9f22fc83929a709
    https://github.com/scummvm/scummvm/commit/1f2db3404214088654d24616d9f22fc83929a709
Author: Filippos Karapetis (bluegr at gmail.com)
Date: 2014-08-06T15:07:31+03:00

Commit Message:
TOLTECS: Blacklist a pirated CD-RIP version (bug #6690)

This is a known pirated version, where all the audio has been removed.
Thus, no support will be added for that version.

Changed paths:
    engines/toltecs/detection.cpp



diff --git a/engines/toltecs/detection.cpp b/engines/toltecs/detection.cpp
index b6c7ad3..e8f08bc 100644
--- a/engines/toltecs/detection.cpp
+++ b/engines/toltecs/detection.cpp
@@ -86,6 +86,20 @@ static const ToltecsGameDescription gameDescriptions[] = {
 	},
 
 	{
+		// 3 Skulls of the Toltecs PIRATE CD-RIP version (no audio)
+		// == DO NOT RE-ADD ==
+		{
+			"toltecs",
+			0,
+			AD_ENTRY1s("WESTERN", "56d0da91ec3db8ac869594357584e851", 104804435),
+			Common::EN_ANY,
+			Common::kPlatformDOS,
+			ADGF_PIRATED,
+			GUIO1(GUIO_NONE)
+		},
+	},
+
+	{
 		// 3 Skulls of the Toltecs Russian version
 		{
 			"toltecs",
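Review bot: The `== DO NOT RE-ADD ==` comment on the new entry does not say why this version must stay unsupported or where that decision is recorded, so a later cleanup could drop the entry or turn it into a normal one. I would carry the reason from the commit message into the table, e.g. `// Known pirated CD-RIP with all audio removed; listed only so it is flagged ADGF_PIRATED (bug #6690)`. The gameDescriptions[] array starts and ends outside this hunk.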


Commit: 672a46b84f478abbc7d28fd493ed3ae1629fe677
    https://github.com/scummvm/scummvm/commit/672a46b84f478abbc7d28fd493ed3ae1629fe677
Author: Filippos Karapetis (bluegr at gmail.com)
Date: 2014-08-06T15:08:57+03:00

Commit Message:
DETECTOR: Do not show the zero matched size for illegitimate copies

Changed paths:
    engines/advancedDetector.cpp



diff --git a/engines/advancedDetector.cpp b/engines/advancedDetector.cpp
index fa23f5f..72629a8 100644
--- a/engines/advancedDetector.cpp
+++ b/engines/advancedDetector.cpp
@@ -122,7 +122,7 @@ bool cleanupPirated(ADGameDescList &matched) {
 
 		// We ruled out all variants and now have nothing
 		if (matched.empty()) {
-			warning("Illegitimate game copy detected. We give no support in such cases %d", matched.size());
+			warning("Illegitimate game copy detected. We provide no support in such cases");
 			return true;
 		}
 	}


Commit: 9eb88328ca05ba3e124e6ad9c53f9d76ff8279f7
    https://github.com/scummvm/scummvm/commit/9eb88328ca05ba3e124e6ad9c53f9d76ff8279f7
Author: Filippos Karapetis (bluegr at gmail.com)
Date: 2014-08-06T15:09:55+03:00

Commit Message:
SCI: Fix script bug #6692 - QFG3: Crash when speaking at the top of the giant tree

Changed paths:
    engines/sci/engine/workarounds.cpp



diff --git a/engines/sci/engine/workarounds.cpp b/engines/sci/engine/workarounds.cpp
index 37e46b7..ea4dc2f 100644
--- a/engines/sci/engine/workarounds.cpp
+++ b/engines/sci/engine/workarounds.cpp
@@ -44,7 +44,8 @@ const SciWorkaroundEntry arithmeticWorkarounds[] = {
 	{ GID_MOTHERGOOSEHIRES,90,   90,  0,      "newGameButton", "select",         -1,    0, { WORKAROUND_FAKE,   0 } }, // op_ge: MUMG Deluxe, when selecting "New Game" in the main menu. It tries to compare an integer with a list. Needs to return false for the game to continue.
 	{ GID_PHANTASMAGORIA, 902,    0,  0,                   "", "export 7",       -1,    0, { WORKAROUND_FAKE,   0 } }, // op_shr: when starting a chapter in Phantasmagoria
 	{ GID_QFG1VGA,        301,  928,  0,              "Blink", "init",           -1,    0, { WORKAROUND_FAKE,   0 } }, // op_div: when entering the inn, gets called with 1 parameter, but 2nd parameter is used for div which happens to be an object
-	{ GID_QFG2,           200,  200,  0,              "astro", "messages",       -1,    0, { WORKAROUND_FAKE,   0 } }, // op_lsi: when getting asked for your name by the astrologer bug #5152
+	{ GID_QFG2,           200,  200,  0,              "astro", "messages",       -1,    0, { WORKAROUND_FAKE,   0 } }, // op_lsi: when getting asked for your name by the astrologer - bug #5152
+	{ GID_QFG3,           780,  999,  0,                   "", "export 6",       -1,    0, { WORKAROUND_FAKE,   0 } }, // op_add: trying to talk to yourself at the top of the giant tree - bug #6692
 	{ GID_QFG4,           710,64941,  0,          "RandCycle", "doit",           -1,    0, { WORKAROUND_FAKE,   1 } }, // op_gt: when the tentacle appears in the third room of the caves
 	SCI_WORKAROUNDENTRY_TERMINATOR
 };


Commit: ea2ee4ada7a55ba4b4e65eaa649464f4b4242b01
    https://github.com/scummvm/scummvm/commit/ea2ee4ada7a55ba4b4e65eaa649464f4b4242b01
Author: Filippos Karapetis (bluegr at gmail.com)
Date: 2014-08-06T15:12:07+03:00

Commit Message:
SAGA: Fix OOB access in the Shorten decoder

The changes are based on the Java implementation of the Shorten decoder.
This avoids all the out-of-bounds accesses (negative array indices), but
it still doesn't fully fix the actual decoder.

Changed paths:
    engines/saga/shorten.cpp



diff --git a/engines/saga/shorten.cpp b/engines/saga/shorten.cpp
index 426430c..edb12a3 100644
--- a/engines/saga/shorten.cpp
+++ b/engines/saga/shorten.cpp
@@ -29,6 +29,8 @@
 
 // Based on etree's Shorten tool, version 3.6.1
 // http://etree.org/shnutils/shorten/
+// and
+// https://github.com/soiaf/Java-Shorten-decoder
 
 // FIXME: This doesn't work yet correctly
 
@@ -154,6 +156,7 @@ uint32 ShortenGolombReader::getUint32(uint32 numBits) {
 
 byte *loadShortenFromStream(Common::ReadStream &stream, int &size, int &rate, byte &flags) {
 	int32 *buffer[2], *offset[2];	// up to 2 channels
+	int32 *oldValues[2];
 	byte *unpackedBuffer = 0;
 	byte *pBuf = unpackedBuffer;
 	int prevSize = 0;
@@ -190,15 +193,18 @@ byte *loadShortenFromStream(Common::ReadStream &stream, int &size, int &rate, by
 
 	switch (type) {
 		case kTypeS8:
+			mean = 0;
 			break;
 		case kTypeU8:
 			flags |= Audio::FLAG_UNSIGNED;
+			mean = 0x80;
 			break;
 		case kTypeS16LH:
 			flags |= Audio::FLAG_LITTLE_ENDIAN;
 			// fallthrough
 		case kTypeS16HL:
 			flags |= Audio::FLAG_16BITS;
+			mean = 0;
 			break;
 		case kTypeU16LH:
 			flags |= Audio::FLAG_LITTLE_ENDIAN;
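Review bot: `mean` is assigned what look like sample midpoints here (`0x80` for kTypeU8, and `0x8000` for the unsigned 16-bit types in the next hunk), yet the allocation hunk further down uses the same variable as an element count in `malloc((MAX<uint32>(1, mean)) * 4)`. If nothing in between reassigns it, the offset arrays are sized by the midpoint (0x8000 entries per channel) rather than by the number of running means; if the header parsing does overwrite it, these assignments are dead. Keeping the initial offset in its own variable, e.g. `int32 initialOffset = 0x80;`, would separate the two roles. The rest of loadShortenFromStream is outside this hunk, so this needs checking against the full function.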
@@ -206,6 +212,7 @@ byte *loadShortenFromStream(Common::ReadStream &stream, int &size, int &rate, by
 		case kTypeU16HL:
 			flags |= Audio::FLAG_16BITS;
 			flags |= Audio::FLAG_UNSIGNED;
+			mean = 0x8000;
 			break;
 		case kTypeWAV:
 			// TODO: Perhaps implement this if we find WAV Shorten encoded files
@@ -264,8 +271,10 @@ byte *loadShortenFromStream(Common::ReadStream &stream, int &size, int &rate, by
 	for (i = 0; i < channels; i++) {
 		buffer[i] = (int32 *)malloc((blockSize + wrap) * 4);
 		offset[i] = (int32 *)malloc((MAX<uint32>(1, mean)) * 4);
+		oldValues[i] = (int32 *)malloc(64 * 4);
 		memset(buffer[i], 0, (blockSize + wrap) * 4);
 		memset(offset[i], 0, (MAX<uint32>(1, mean)) * 4);
+		memset(oldValues[i], 0, 64 * 4);
 	}
 
 	if (maxLPC > 0)
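Review bot: The result of the new `malloc(64 * 4)` is passed straight to `memset` without a null check, so an allocation failure while loading a sound becomes a null-pointer write; the neighbouring buffer/offset allocations have the same gap. Because the size is a compile-time constant and the pointer array has two slots, a local array would remove the allocation and both `free(oldValues[i])` calls added in the two cleanup hunks: `int32 oldValues[2][64] = {};`. If the heap version stays, check the pointer before use and give the 64 a named constant, since the same literal is repeated in the wrap code. The loop bound `channels` is set outside this hunk and must be limited to 2 before these fixed-size pointer arrays are indexed.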
@@ -329,9 +338,6 @@ byte *loadShortenFromStream(Common::ReadStream &stream, int &size, int &rate, by
 						channelOffset = (channelOffset >> (bitShift - 1)) >> 1;
 				}
 
-				// FIXME: The original code in this bit tries to modify memory outside of the array (negative indices)
-				// in cases kCmdDiff1, kCmdDiff2 and kCmdDiff3
-				// I've removed those invalid writes, since they happen all the time (even when curChannel is 0)
 				switch (cmd) {
 					case kCmdZero:
 						for (i = 0; i < blockSize; i++)
@@ -342,22 +348,34 @@ byte *loadShortenFromStream(Common::ReadStream &stream, int &size, int &rate, by
 							buffer[curChannel][i] = gReader->getSRice(energy) + channelOffset;
 						break;
 					case kCmdDiff1:
-						gReader->getSRice(energy);	// i = 0 (to fix invalid table/memory access)
-						for (i = 1; i < blockSize; i++)
-							buffer[curChannel][i] = gReader->getSRice(energy) + buffer[curChannel][i - 1];
+						for (i = 0; i < blockSize; i++) {
+							if (i == 0)
+								buffer[curChannel][i] = gReader->getSRice(energy) + oldValues[curChannel][0];
+							else
+								buffer[curChannel][i] = gReader->getSRice(energy) + buffer[curChannel][i - 1];
+						}
 						break;
 					case kCmdDiff2:
-						gReader->getSRice(energy);	// i = 0 (to fix invalid table/memory access)
-						gReader->getSRice(energy);	// i = 1 (to fix invalid table/memory access)
-						for (i = 2; i < blockSize; i++)
-							buffer[curChannel][i] = gReader->getSRice(energy) + 2 * buffer[curChannel][i - 1] - buffer[curChannel][i - 2];
+						for (i = 0; i < blockSize; i++) {
+							if (i == 0)
+								buffer[curChannel][i] = gReader->getSRice(energy) + 2 * oldValues[curChannel][0] - oldValues[curChannel][1];
+							else if (i == 1)
+								buffer[curChannel][i] = gReader->getSRice(energy) + 2 * buffer[curChannel][0] - oldValues[curChannel][0];
+							else
+								buffer[curChannel][i] = gReader->getSRice(energy) + 2 * buffer[curChannel][i - 1] - buffer[curChannel][i - 2];
+						}
 						break;
 					case kCmdDiff3:
-						gReader->getSRice(energy);	// i = 0 (to fix invalid table/memory access)
-						gReader->getSRice(energy);	// i = 1 (to fix invalid table/memory access)
-						gReader->getSRice(energy);	// i = 2 (to fix invalid table/memory access)
-						for (i = 3; i < blockSize; i++)
-							buffer[curChannel][i] = gReader->getSRice(energy) + 3 * (buffer[curChannel][i - 1] - buffer[curChannel][i - 2]) + buffer[curChannel][i - 3];
+						for (i = 0; i < blockSize; i++) {
+							if (i == 0)
+								buffer[curChannel][i] = gReader->getSRice(energy) + 3 * (oldValues[curChannel][0] - oldValues[curChannel][1]) + oldValues[curChannel][2];
+							else if (i == 1)
+								buffer[curChannel][i] = gReader->getSRice(energy) + 3 * (buffer[curChannel][0] - oldValues[curChannel][0]) + oldValues[curChannel][1];
+							else if (i == 2)
+								buffer[curChannel][i] = gReader->getSRice(energy) + 3 * (buffer[curChannel][1] - buffer[curChannel][0]) + oldValues[curChannel][0];
+							else
+								buffer[curChannel][i] = gReader->getSRice(energy) + 3 * (buffer[curChannel][i - 1] - buffer[curChannel][i - 2]) + buffer[curChannel][i - 3];
+						}
 						break;
 					case kCmdQLPC:
 						lpcNum = gReader->getURice(2);
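Review bot: kCmdQLPC begins on the last line of this hunk and its body is not shown, so the commit message's claim that all out-of-bounds accesses are gone cannot be confirmed from here. If that case still predicts its first `lpcNum` samples from positions before index 0, it needs the same oldValues history as the kCmdDiff1 to kCmdDiff3 cases. The predictor sums such as `3 * (buffer[curChannel][i - 1] - buffer[curChannel][i - 2])` also run in signed `int32` on values decoded from the file, where overflow is undefined behaviour. Doing that arithmetic in `uint32` and casting the result back would make malformed input wrap predictably.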
@@ -417,10 +435,12 @@ byte *loadShortenFromStream(Common::ReadStream &stream, int &size, int &rate, by
 
 
 				// Do the wrap
-				// FIXME: removed for now, as this corrupts the heap, because it
-				// accesses negative array indices
-				//for (int32 k = -wrap; k < 0; k++)
-				//	buffer[curChannel][k] = buffer[curChannel][k + blockSize];
+				for (i = 0; i < 64; ++i)
+					oldValues[curChannel][i] = 0;
+
+				int arrayTerminator = MIN<int>(64, blockSize);
+				for (i = 0; i < arrayTerminator; ++i)
+					oldValues[curChannel][i] = buffer[curChannel][blockSize - (i + 1)];
 
 				// Fix bitshift
 				if (bitShift > 0) {
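Review bot: The ordering of oldValues is implicit in this copy loop: index 0 receives the last sample of the block just decoded, index 1 the one before it, and the kCmdDiff cases depend on exactly that. A comment above the loop would make it checkable, e.g. `// oldValues[ch][0] = newest sample of the previous block, [1] = the one before it, ...`. The depth is the literal 64 while the sample buffer is sized with `wrap`; a shared named constant, plus a check that `wrap` does not exceed it, would keep a later history consumer from indexing past the 64 entries. The zero-fill loop only matters for entries at or beyond `arrayTerminator`, so it could be one `memset` or start at that index.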
@@ -495,6 +515,7 @@ byte *loadShortenFromStream(Common::ReadStream &stream, int &size, int &rate, by
 				for (i = 0; i < channels; i++) {
 					free(buffer[i]);
 					free(offset[i]);
+					free(oldValues[i]);
 				}
 
 				if (maxLPC > 0)
@@ -516,6 +537,7 @@ byte *loadShortenFromStream(Common::ReadStream &stream, int &size, int &rate, by
 	for (i = 0; i < channels; i++) {
 		free(buffer[i]);
 		free(offset[i]);
+		free(oldValues[i]);
 	}
 
 	if (maxLPC > 0)





