[Scummvm-cvs-logs] scummvm master -> a12e32983c9cc9ba4c6b2ae9d2c4b96545df8bd7

sev- sev at scummvm.org
Sun Feb 9 21:02:46 CET 2014


This automated email contains information about 1 new commit which has been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .

Summary:
a12e32983c FULLPIPE: Fix buffer overruns in scene27


Commit: a12e32983c9cc9ba4c6b2ae9d2c4b96545df8bd7
    https://github.com/scummvm/scummvm/commit/a12e32983c9cc9ba4c6b2ae9d2c4b96545df8bd7
Author: Eugene Sandulenko (sev at scummvm.org)
Date: 2014-02-09T12:02:06-08:00

Commit Message:
FULLPIPE: Fix buffer overruns in scene27

Changed paths:
    engines/fullpipe/scenes.h
    engines/fullpipe/scenes/scene27.cpp



diff --git a/engines/fullpipe/scenes.h b/engines/fullpipe/scenes.h
index a83c288..0228d1f 100644
--- a/engines/fullpipe/scenes.h
+++ b/engines/fullpipe/scenes.h
@@ -201,7 +201,7 @@ struct BallChain {
 	Ball *field_8;
 	int numBalls;
 	Ball *pTail;
-	Ball *cPlex;
+	byte *cPlex;
 	int cPlexLen;
 
 	BallChain() : pHead(0), field_8(0), pTail(0), numBalls(0), cPlex(0), cPlexLen(0) {}
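Review bot: With `cPlex` now a `byte *`, the declaration no longer says what the buffer holds or how `cPlexLen` relates to it, so the next reader has to rediscover the element size from the call sites. A comment on the member would carry that, e.g. `// raw block of cPlexLen Ball-sized slots from calloc(); cast to Ball * on use`. Who releases the block is not visible in this hunk, so the comment should also name the owner once that is confirmed. The struct body starts and ends outside the hunk.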
diff --git a/engines/fullpipe/scenes/scene27.cpp b/engines/fullpipe/scenes/scene27.cpp
index 7564ea2..2024faf 100644
--- a/engines/fullpipe/scenes/scene27.cpp
+++ b/engines/fullpipe/scenes/scene27.cpp
@@ -80,9 +80,9 @@ void scene27_initScene(Scene *sc) {
 		Ball *lastP = g_vars->scene27_balls.field_8;
 
 		if (!g_vars->scene27_balls.pTail) {
-			g_vars->scene27_balls.cPlex = (Ball *)calloc(g_vars->scene27_balls.cPlexLen, sizeof(Ball));
+			g_vars->scene27_balls.cPlex = (byte *)calloc(g_vars->scene27_balls.cPlexLen, sizeof(Ball));
 
-			Ball *p1 = g_vars->scene27_balls.cPlex + (g_vars->scene27_balls.cPlexLen - 1) * sizeof(Ball);
+			byte *p1 = g_vars->scene27_balls.cPlex + (g_vars->scene27_balls.cPlexLen - 1) * sizeof(Ball);
 
 			if (g_vars->scene27_balls.cPlexLen - 1 < 0) {
 				runPtr = g_vars->scene27_balls.pTail;
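Review bot: The calloc() result is used unchecked, and `p1` is derived before `cPlexLen` is validated. With a `cPlexLen` of 0 or less, `(cPlexLen - 1) * sizeof(Ball)` turns a negative int into a huge unsigned offset and the addition forms a pointer outside the allocation, which is undefined even though the `cPlexLen - 1 < 0` branch never dereferences it. Move that length test ahead of the allocation and handle `if (!g_vars->scene27_balls.cPlex)` before `p1` is computed, so a failed allocation cannot reach the linking loop in the next hunk. The same sequence is repeated in the sceneHandler27_sub02 hunk; one shared helper would keep the two copies from drifting. The enclosing function starts and ends outside the hunk.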
@@ -90,8 +90,8 @@ void scene27_initScene(Scene *sc) {
 				runPtr = g_vars->scene27_balls.pTail;
 
 				for (int j = 0; j < g_vars->scene27_balls.cPlexLen; j++) {
-					p1->p1 = runPtr;
-					runPtr = p1;
+					((Ball *)p1)->p1 = runPtr;
+					runPtr = (Ball *)p1;
 
 					p1 -= sizeof(Ball);
 				}
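Review bot: The cursor stays a `byte *` and is cast back to `Ball *` on both lines of the loop body, so the stride in `p1 -= sizeof(Ball)` has to be kept in step with the element type by hand, which is the same kind of scaling slip this commit fixes. A typed cursor lets the compiler do the scaling: `Ball *p1 = (Ball *)g_vars->scene27_balls.cPlex + (g_vars->scene27_balls.cPlexLen - 1);` with `p1->p1 = runPtr; runPtr = p1; p1--;` in the loop. Either way the final decrement leaves `p1` one element before the start of the block; indexing downwards from `cPlexLen - 1` to 0 would avoid forming that pointer. The declaration of `p1` sits in the previous hunk, and the loop in the sceneHandler27_sub02 hunk has the same form.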
@@ -458,10 +458,12 @@ void sceneHandler27_driverPushButton() {
 }
 
 void sceneHandler27_maidSwitchback() {
+#ifndef DBG
 	if (g_fp->getObjectState(sO_Maid) == g_fp->getObjectEnumState(sO_Maid, sO_WithSwab)) {
 		g_vars->scene27_maid->changeStatics2(ST_MID_SWAB);
 		g_vars->scene27_maid->startMQIfIdle(QU_MID_SWITCHBACK, 1);
 	}
+#endif
 }
 
 void sceneHandler27_batLogic() {
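Review bot: The `#ifndef DBG` guard compiles out the whole body of sceneHandler27_maidSwitchback() whenever DBG is defined, and neither the commit message nor the hunk says why; it is unrelated to the buffer overrun fix. If it is a deliberate debugging aid it wants a comment above the guard, e.g. `// DBG builds skip the maid switchback animation`, and ideally its own commit so the fix can be reviewed and backported on its own. Where DBG gets defined is not visible here, so it is worth confirming that no release configuration sets it.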
@@ -570,9 +572,9 @@ void sceneHandler27_sub02() {
 		StaticANIObject *newbat = g_vars->scene27_var07[i]->ani;
 
 		if (!g_vars->scene27_balls.pTail) {
-			g_vars->scene27_balls.cPlex = (Ball *)calloc(g_vars->scene27_balls.cPlexLen, sizeof(Ball));
+			g_vars->scene27_balls.cPlex = (byte *)calloc(g_vars->scene27_balls.cPlexLen, sizeof(Ball));
 
-			Ball *p1 = g_vars->scene27_balls.cPlex + (g_vars->scene27_balls.cPlexLen - 1) * sizeof(Ball);
+			byte *p1 = g_vars->scene27_balls.cPlex + (g_vars->scene27_balls.cPlexLen - 1) * sizeof(Ball);
 
 			if (g_vars->scene27_balls.cPlexLen - 1 < 0) {
 				runPtr = g_vars->scene27_balls.pTail;
@@ -580,8 +582,8 @@ void sceneHandler27_sub02() {
 				runPtr = g_vars->scene27_balls.pTail;
 
 				for (int j = 0; j < g_vars->scene27_balls.cPlexLen; j++) {
-					p1->p1 = runPtr;
-					runPtr = p1;
+					((Ball *)p1)->p1 = runPtr;
+					runPtr = (Ball *)p1;
 
 					p1 -= sizeof(Ball);
 				}





