[Scummvm-cvs-logs] scummvm master -> 6779340b244fdb6b9643190c3beaa8ddbd4253e0
m-kiewitz
m_kiewitz at users.sourceforge.net
Tue Mar 8 03:36:13 CET 2016
This automated email contains information about 1 new commit which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .
Summary:
6779340b24 SCI: Truncate channel data in case it goes beyond resource size
Commit: 6779340b244fdb6b9643190c3beaa8ddbd4253e0
https://github.com/scummvm/scummvm/commit/6779340b244fdb6b9643190c3beaa8ddbd4253e0
Author: Martin Kiewitz (m_kiewitz at users.sourceforge.net)
Date: 2016-03-08T03:36:02+01:00
Commit Message:
SCI: Truncate channel data in case it goes beyond resource size
Fixes invalid memory access during kq5 floppy ending
Changed paths:
engines/sci/resource_audio.cpp
diff --git a/engines/sci/resource_audio.cpp b/engines/sci/resource_audio.cpp
index 8209941..5717a09 100644
--- a/engines/sci/resource_audio.cpp
+++ b/engines/sci/resource_audio.cpp
@@ -688,6 +688,12 @@ SoundResource::SoundResource(uint32 resourceNr, ResourceManager *resMan, SciVers
channel->data = resource->data + dataOffset;
channel->size = READ_LE_UINT16(data + 4);
+
+ if (dataOffset + channel->size > resource->size) {
+ warning("Invalid size inside sound resource %d: track %d, channel %d", resourceNr, trackNr, channelNr);
+ channel->size = resource->size - dataOffset;
+ }
+
channel->curPos = 0;
channel->number = *channel->data;
More information about the Scummvm-git-logs
mailing list